Cryptology ePrint Archive: Report 2015/656

Cryptanalysis of a Markov Chain Based User Authentication Scheme

Ruhul Amin and G.P. Biswas

Abstract: Session key agreement protocol using smart card is extremely popular in client-server environment for secure communication. Remote user authentication protocol plays a crucial role in our daily life such as e-banking, bill-pay, online games, e-recharge, wireless sensor network, medical system, ubiquitous devices etc. Recently, Djellali et al. proposed a session key agreement protocol using smart card for ubiquitous devices. The main focus of this paper is to analyze security pitfalls of smart card and password based user authentication scheme. We have carefully reviewed Djellali et al.'s scheme and found that the same scheme suffers from several security weaknesses such as off-line password guessing attack, privileged insider attack. Moreover, we demonstrated that the Djellali et al.'s scheme does not provide proper security protection on the secret key of the server and presents inefficient password change phase.

Category / Keywords: cryptographic protocols / Security Attacks, Markov Chain, Authentication Protocol, Smart Card.

Date: received 1 Jul 2015

Contact author: amin_ruhul at live com

Available format(s): PDF | BibTeX Citation

Version: 20150702:075848 (All versions of this report)

Short URL: ia.cr/2015/656

Discussion forum: Show discussion | Start new discussion