Cryptology ePrint Archive: Report 2004/017

Cryptanalysis of an ID-based Password Authentication Scheme using Smart Cards and Fingerprints

M. Scott

Abstract: In a paper recently published in the ACM Operating Systems Review, Kim, Lee and Yoo \cite{kim-lee-yoo} describe two ID-based password authentication schemes for logging onto a remote network server using smart cards, passwords and fingerprints. Various claims are made regarding the security of the schemes, but no proof is offered. Here we show how a passive eavesdropper, without access to any smart card, password or fingerprint, and after passively eavesdropping only one legitimate log-on, can subsequently log-on to the server claiming any identity.

Category / Keywords: cryptographic protocols / cryptanalysis, ID-based methods, password authentication, smart cards

Date: received 26 Jan 2004

Contact author: mike at computing dcu ie

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20040127:083215 (All versions of this report)

Discussion forum: Show discussion | Start new discussion