1. Department of Training, Automobile Sergeant Institute of PLA, Bengbu Anhui 233011, China
2. College of Computer Science and Technology, Harbin Engineering University, Harbin Heilongjiang 150001, China
Abstract: Because identity authentication is an essential mechanism for ensuring robust system security in distributed networks, smartcard-based remote user password authentication protocols have been studied intensively in recent years. Two recently proposed smartcard-based authentication protocols are examined using scenario-based attack techniques. The protocol presented in “Cryptanalysis and improvement of Liao et al.'s remote user authentication scheme” (PAN Chun-lan, ZHOU An-min, XIAO Feng-xia, et al. Improved remote user authentication scheme. Computer Engineering and Applications, 2010, 46(4): 110-112) cannot withstand the offline password guessing attack, contrary to what its authors claimed, while the protocol presented in “Improved scheme for smart card password authentication based on bilinear pairings” (DENG Li, WANG Xiao-feng. Improved scheme for smart card password authentication based on bilinear pairings. Computer Engineering, 2010, 36(18): 150-152) is found to be vulnerable to the Denial of Service (DoS) attack and the insider attack. The analytical results show that both protocols are susceptible to serious security threats and are impractical for security-sensitive applications.
XUE Feng, WANG Ding, WANG Li-ping, MA Chun-guang. Cryptanalysis of two smartcard-based remote user password authentication protocols[J]. Journal of Computer Applications, 2012, 32(07): 2007-2009.