Security Weaknesses of a Timestamp-Based User Authentication Scheme with Smart Card

Jaewook Jung, Younsung Choi, Donghoon Lee, Jiye Kim, Dongho Won
2015 International Journal of Information and Education Technology  
Remote User authentication scheme is commonly used for communication between authorized remote users over insecure network. Due to its simplicity and convenience, it is widely used in many environments such as E-commerce or remote host login. In recent years, several remote user authentication schemes using smart card have been proposed. Recently, Huang et al. proposed a timestamp-based user authentication scheme with smart card. They claimed that their scheme can resist off-line password
more » ... ng attack. However, there is some vulnerability Huang et al.'s scheme that we find their scheme cannot resist the off-line password guessing attack and it cannot detect the wrong password in login phase, and also insecure for changing the user's password in password change phase. In this paper, we conduct detailed analysis of flaws in Huang et al.'s scheme. Index Terms-Remote user authentication scheme, smart card, password, security.
doi:10.7763/ijiet.2015.v5.567 fatcat:rtgaadyixveola4d574j6zxjbi