Paper 2009/610

Security Analysis of A Remote User Authentication Protocol by Liao and Wang

Dang Nguyen Duc and Kwangjo Kim

Abstract

In Elsevier's journal of Computer Standards & Interfaces, 2007, Liao and Wang proposed an authentication protocol using smart card and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. In this paper, we point out that Liao-Wang protocol is vulnerable to an insider attack by presenting a simple method for a malicious server to impersonate any user authenticating to the server. We also demonstrate that user anonymity can be violated as colluding servers can easily track activities of users.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
cryptanalysis
Contact author(s)
nguyenduc @ icu ac kr
History
2009-12-09: received
Short URL
https://ia.cr/2009/610
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/610,
      author = {Dang Nguyen Duc and Kwangjo Kim},
      title = {Security Analysis of A Remote User Authentication Protocol by Liao and Wang},
      howpublished = {Cryptology ePrint Archive, Paper 2009/610},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/610}},
      url = {https://eprint.iacr.org/2009/610}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.