Cryptanalysis of Yang-Wang-Chang's Password Authentication Scheme with Smart Cards
Al-Sakib Khan Pathan, Choong Seon Hong

TL;DR
This paper critically analyzes the Yang-Wang-Chang password authentication scheme, revealing it remains insecure against multiple forgery attacks despite improvements, and challenges claims of its intractability.
Contribution
The paper demonstrates that the Yang-Wang-Chang scheme is vulnerable to forgery attacks and refutes its claimed security improvements over previous schemes.
Findings
The scheme is vulnerable to four types of forgery attacks.
Claims of intractability are proven incorrect.
Existing attack methods can still compromise the scheme.
Abstract
In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh's legendary timestamp-based remote authentication scheme using smart cards. After analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that their scheme is still insecure and vulnerable to four types of forgery attacks. Hence, in this paper, we prove that their claim that their scheme is intractable is incorrect. Also, we show that even an attack based on Sun et al.'s attack could be launched against their scheme, which they claimed to resolve with their proposal.
Taxonomy
Topics: Advanced Authentication Protocols Security · User Authentication and Security Systems · Biometric Identification and Security
