Cryptology ePrint Archive: Report 2009/610

Security Analysis of A Remote User Authentication Protocol by Liao and Wang

Dang Nguyen Duc and Kwangjo Kim

Abstract: In Elsevier's journal of Computer Standards & Interfaces, 2007, Liao and Wang proposed an authentication protocol using smart card and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. In this paper, we point out that Liao-Wang protocol is vulnerable to an insider attack by presenting a simple method for a malicious server to impersonate any user authenticating to the server. We also demonstrate that user anonymity can be violated as colluding servers can easily track activities of users.

Category / Keywords: cryptographic protocols / cryptanalysis

Date: received 9 Dec 2009

Contact author: nguyenduc at icu ac kr

Available format(s): PDF | BibTeX Citation

Version: 20091209:222016 (All versions of this report)

Short URL: ia.cr/2009/610

Discussion forum: Show discussion | Start new discussion