Cryptanalysis of Hsiang-Shih's Authentication Scheme for Multi-Server Architecture

Author

Kuo-Hui Yeh, National Taiwan University of Science and Technology
Nai-Wei Lo, National Taiwan University of Science and Technology
Yingjiu LI, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

publishedVersion

Publication Date

7-2011

Abstract

From user point of view, password-based remote user authentication technique is one of the most convenient and easy-to-use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password-based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well-designed password-based authentication protocol for multi-server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial.

Keywords

anonymity, authentication, dynamic ID, multi-server, smart cards

Discipline

Computer Sciences | Information Security

Research Areas

Cybersecurity

Publication

International Journal of Communication Systems (IJCS)

Volume

24

Issue

7

First Page

829

Last Page

836

ISSN

1074-5351

Identifier

10.1002/dac.1184

Publisher

Wiley

Citation

Yeh, Kuo-Hui; Lo, Nai-Wei; and LI, Yingjiu. Cryptanalysis of Hsiang-Shih's Authentication Scheme for Multi-Server Architecture. (2011). International Journal of Communication Systems (IJCS). 24, (7), 829-836.
Available at: https://ink.library.smu.edu.sg/sis_research/1334

Copyright Owner and License

Publisher

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1002/dac.1184