Title

New Cryptanalysis Paradigm on a Nonce-based Mutual Authentication Scheme

DOI

10.6633/IJNS.200801.6(1).14

Authors

Da-Zhi Sun; Zhen-Fu Cao

Keywords

Impersonation attack ; matching conversation ; mutual authentication ; smart card

Journal

International Journal of Network Security

Volume and issue / Publication date

Vol. 6, No. 1 (2008 / 01 / 01)

Pages

116 - 120

Language

English

English abstract

In 2005, Lee, Kim, and Yoo proposed a nonce-based mutual authentication scheme using smart cards. However, this paper demonstrates that Lee-Kim-Yoo's scheme is vulnerable to an impersonation attack in which an attacker, without knowing any of the remote user's secrets, can masquerade as him by obtaining a valid authentication message from any normal session between the remote user and the system. Our purpose is to emphasize that it is dangerous for the remote user and the system to implement their authentication operations separately, without any logical relation between them, to achieve mutual authentication. Furthermore, we suggest that the tool of matching conversations would be useful as a sanity check to find this kind of security breach.

Subject classification: Basic and Applied Sciences > Information Science