Paper 2004/017

Cryptanalysis of an ID-based Password Authentication Scheme using Smart Cards and Fingerprints

M. Scott

Abstract

In a paper recently published in the ACM Operating Systems Review, Kim, Lee and Yoo \cite{kim-lee-yoo} describe two ID-based password authentication schemes for logging onto a remote network server using smart cards, passwords and fingerprints. Various claims are made regarding the security of the schemes, but no proof is offered. Here we show how a passive eavesdropper, without access to any smart card, password or fingerprint, and after passively eavesdropping only one legitimate log-on, can subsequently log-on to the server claiming any identity.

Metadata
Available format(s)
PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
cryptanalysisID-based methodspassword authenticationsmart cards
Contact author(s)
mike @ computing dcu ie
History
2004-01-27: received
Short URL
https://ia.cr/2004/017
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/017,
      author = {M.  Scott},
      title = {Cryptanalysis of an ID-based Password Authentication Scheme using Smart Cards and Fingerprints},
      howpublished = {Cryptology ePrint Archive, Paper 2004/017},
      year = {2004},
      note = {\url{https://eprint.iacr.org/2004/017}},
      url = {https://eprint.iacr.org/2004/017}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.