Paper 2015/656

Cryptanalysis of a Markov Chain Based User Authentication Scheme

Ruhul Amin and G. P. Biswas

Abstract

Session key agreement protocol using smart card is extremely popular in client-server environment for secure communication. Remote user authentication protocol plays a crucial role in our daily life such as e-banking, bill-pay, online games, e-recharge, wireless sensor network, medical system, ubiquitous devices etc. Recently, Djellali et al. proposed a session key agreement protocol using smart card for ubiquitous devices. The main focus of this paper is to analyze security pitfalls of smart card and password based user authentication scheme. We have carefully reviewed Djellali et al.'s scheme and found that the same scheme suffers from several security weaknesses such as off-line password guessing attack, privileged insider attack. Moreover, we demonstrated that the Djellali et al.'s scheme does not provide proper security protection on the secret key of the server and presents inefficient password change phase.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MAJOR revision.
Keywords
Security AttacksMarkov ChainAuthentication ProtocolSmart Card.
Contact author(s)
amin_ruhul @ live com
History
2015-07-02: received
Short URL
https://ia.cr/2015/656
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/656,
      author = {Ruhul Amin and G. P.  Biswas},
      title = {Cryptanalysis of a Markov Chain Based User Authentication Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2015/656},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/656}},
      url = {https://eprint.iacr.org/2015/656}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.