Conference Papers

Permanent URI for this collectionhttps://idr.nitk.ac.in/handle/123456789/28506

Browse

Subject: search.filters.subject.cryptanalysis

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Item
    Cryptanalysis of a remote user authentication protocol using smart cards
    (IEEE Computer Society help@computer.org, 2014) Madhusudhan, R.; Kumar, R.S.
    Remote user authentication using smart cards is a method of verifying the legitimacy of remote users accessing the server through insecure channel, by using smart cards to increase the efficiency of the system. During last couple of years many protocols to authenticate remote users using smart cards have been proposed. But unfortunately, most of them are proved to be unsecure against various attacks. Recently this year, Yung-Cheng Lee improved Shin et al.'s protocol and claimed that their protocol is more secure. In this article, we have shown that Yung-Cheng-Lee's protocol too has defects. It does not provide user anonymity; it is vulnerable to Denial-of-Service attack, Session key reveal, user impersonation attack, Server impersonation attack and insider attacks. Further it is not efficient in password change phase since it requires communication with server and uses verification table. © 2014 IEEE.
  • No Thumbnail Available
    Item
    Cryptanalysis of remote user authentication scheme with key agreement
    (Institute of Electrical and Electronics Engineers Inc., 2015) Madhusudan, R.; Valiveti, A.
    Password authentication with smart card is one of the most convenient and effective two-factor authentication mechanisms for remote systems to assure one communicating party of the legitimacy of the corresponding party by acquisition of corroborative evidence. This technique has been widely deployed for various kinds of authentication applications, such as remote host login, online banking, e-commerce and e-health. Recently, Kumari et al. presented a dynamic-identity-based user authentication scheme with session key agreement. In this research, we illustrate that Kumari et al.'s scheme violates the purpose of dynamic-identity contrary to author's claim. We show that once the smart card of an arbitrary user is lost, messages of all registered users are at risk. Using information from an arbitrary smart card, an adversary can impersonate any user of the system. © 2015 IEEE.