Cryptanalysis of A Secure Remote User Authentication Scheme Using Smart Cards
Tanmoy Maitra
TL;DR
This paper critically analyzes a smart card based remote user authentication scheme, revealing vulnerabilities such as reply attacks and login phase faults, thus questioning its practical security effectiveness.
Contribution
The paper identifies specific security flaws in a recent authentication scheme, demonstrating the need for improved protocols in smart card security.
Findings
The scheme is vulnerable to reply attacks.
There are faults in the login phase.
The scheme is not suitable for practical use.
Abstract
Smart card based authentication schemes are used in various fields like e-banking, e-commerce, wireless sensor networks, medical system and so on to authenticate the both remote user and the application server during the communication via internet. Recently, Karuppiah and Saravanan proposed an authentication scheme which is based on password and one-way cryptographic hash function. They have used a secure identity mechanism i.e., users' and server's identity are not public. Thus, the user and the server do not send their identity directly to each other during communications. In this paper, we have found out that their scheme does not overcome the reply attack and also there is a fault in the login phase, which makes their scheme is not perfect for practical use.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Authentication Protocols Security · User Authentication and Security Systems · Chaos-based Image/Signal Encryption