A simple remote user authentication scheme is proposed and it does not require any password or verification tables in the remote server and any legal users could choose and change their passwords freely without the help of a remote server. This scheme is insecure if the secret key of the server is leaked or stolen and when the smart card is stolen, unauthorized users can easily change new password of the smart card. This scheme cannot resist the denial of service attack using stolen smart card and does not provide mutual authentication. An improved authentication scheme is proposed and it is vulnerable to a password guessing attack in case that the attacker steals the legal user's smart card and extracts the information from the smart card. Also an improved user authentication scheme based on the random nonce is proposed. This paper demonstrate that the random nonce based authentication scheme is insecure against forgery attack through replaying previous login and authentication message, and propose an improved scheme to resolve such problem. The proposed scheme using random nonce and timestamp is secure against various attacks.
A simple remote user authentication scheme is proposed and it does not require any password or verification tables in the remote server and any legal users could choose and change their passwords freely without the help of a remote server. This scheme is insecure if the secret key of the server is leaked or stolen and when the smart card is stolen, unauthorized users can easily change new password of the smart card. This scheme cannot resist the denial of service attack using stolen smart card and does not provide mutual authentication. An improved authentication scheme is proposed and it is vulnerable to a password guessing attack in case that the attacker steals the legal user's smart card and extracts the information from the smart card. Also an improved user authentication scheme based on the random nonce is proposed. This paper demonstrate that the random nonce based authentication scheme is insecure against forgery attack through replaying previous login and authentication message, and propose an improved scheme to resolve such problem. The proposed scheme using random nonce and timestamp is secure against various attacks.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.