Abstract
Recently, Wang and Ma (Wireless Pers Commun, 2012. doi:10.1007/s11277-011-0456-7) proposed a smart card based authentication scheme for multi-server environments. They also demonstrated that their scheme could overcome various attacks. In this paper, the security of Wang and Ma’s scheme is evaluated. Our analysis shows that their scheme is vulnerable to the server spoofing attack, the impersonation attack, the privileged insider attack and the off-line password guessing attack.
References
Lamport L. (1981) Password authentication with insecure communication. Communications of the ACM 24(11): 770–772
Lee J., Ryu S., Yoo K. (2002) Fingerprint-based remote user authentication scheme using smart cards. Electronic Letters 38(12): 554–555
Preda R. O., Vizireanu D. N. (2010) A robust digital watermarking scheme for video copyright protection in the wavelet domain. Measurement 43(10): 1720–1726
Preda R. O., Vizireanu D. N. (2011) A robust wavelet based video watermarking scheme for copyright protection using the human visual system. Journal of Electronic Imaging 20: 013022
Preda R. O., Vizireanu D. N. (2011) Quantization based video watermarking in the wavelet domain with spatial and temporal redundancy. International Journal of Electronics 98(03): 393–405
Hwang M., Li L. (2000) A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(1): 28–30
Vergados D., Stergiou G. (2007) An authentication scheme for ad-hoc networks using threshold secret sharing. Wireless Personal Communications 43(4): 1767–1780
Tchepnda C., Moustafa H., Labiod H., Bourdon G. (2009) On analyzing the potential of a layer-2 multi-hop authentication and credential delivery scheme for vehicular communications. Wireless Personal Communications 51(1): 31–52
Phan R., Wu J., Ouafi K., Stinson D. (2011) Privacy analysis of forward and backward untraceable RFID authentication schemes. Wireless Personal Communications 61(1): 69–81
He D., Chen J., Hu J. (2011) Further improvement of Juang et al.’s password-authenticated key agreement scheme using smart cards. Kuwait Journal of Science & Engineering 38(2A): 55–68
He D., Chen J., Hu J. (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Information Fusion 13(3): 223–230
He D., Chen J., Zhang R. (2012) A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems 36(3): 1989–1995
He D., Chen J., Chen Y. (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks. doi:10.1002/sec.506
He D., Chen Y., Chen J. (2012) Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics. doi:10.1007/s11071-012-0335-0
Wang B., Ma M. (2012) A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications. doi:10.1007/s11277-011-0456-7
He D., Wu S., Chen J. (2012) Note on ‘Design of improved password authentication and update scheme based on elliptic curve cryptography’. Mathematical and Computer Modelling 55(3–4): 1661–1664
Kocher P., Jaffe J., Jun B. (1999) Differential power analysis. In: Proceedings of advances in cryptology (CRYPTO 99), pp. 388–397
Messerges T., Dabbish E., Sloan R. (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5): 541–552
Pu Q. (2011) Weaknesses of SIP authentication scheme for converged VoIP networks. http://eprint.iacr.org/2010/464
Cite this article
He, D., Wu, S. Security Flaws in a Smart Card Based Authentication Scheme for Multi-server Environment. Wireless Pers Commun 70, 323–329 (2013). https://doi.org/10.1007/s11277-012-0696-1
DOI: https://doi.org/10.1007/s11277-012-0696-1