Cryptology ePrint Archive: Report 2009/610
Security Analysis of A Remote User Authentication Protocol by Liao and Wang
Dang Nguyen Duc and Kwangjo Kim
Abstract: In Elsevier's journal of Computer Standards & Interfaces, 2007, Liao and Wang proposed an authentication protocol using smart card and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. In this paper, we point out that Liao-Wang protocol is vulnerable to an insider attack by presenting a simple method for a malicious server to impersonate any user authenticating to the server. We also demonstrate that user anonymity can be violated as colluding servers can easily track activities of users.
Category / Keywords: cryptographic protocols / cryptanalysis
Date: received 9 Dec 2009
Contact author: nguyenduc at icu ac kr
Available format(s): PDF | BibTeX Citation
Version: 20091209:222016 (All versions of this report)
Short URL: ia.cr/2009/610
[ Cryptology ePrint archive ]