Security Flaws in a Smart Card Based Authentication Scheme for Multi-server Environment

Wireless Personal Communications

Abstract

Recently, Wang and Ma (Wireless Pers Commun, 2012. doi:10.1007/s11277-011-0456-7) proposed a smart card based authentication scheme for multi-server environment. They also demonstrated that their scheme could overcome various attacks. In this paper, the security of Wang et al.’s scheme is evaluated. Our analysis shows their scheme is vulnerable to the server spoofing attack, the impersonation attack, the privileged insider attack and the off-line password guessing attack.

References

  1. Lamport L. (1981) Password authentication with insecure communication. Communications of the ACM 24(11): 770–772

  2. Lee J., Ryu S., Yoo K. (2002) Fingerprint-based remote user authentication scheme using smart cards. Electronic Letters 38(12): 554–555

  3. Preda R. O., Vizireanu D. N. (2010) A robust digital watermarking scheme for video copyright protection in the wavelet domain. Measurement 43(10): 1720–1726

  4. Preda R. O., Vizireanu D. N. (2011) A robust wavelet based video watermarking scheme for copyright protection using the human visual system. Journal of Electronic Imaging 20: 013022

  5. Preda R. O., Vizireanu D. N. (2011) Quantization based video watermarking in the wavelet domain with spatial and temporal redundancy. International Journal of Electronics 98(03): 393–405

  6. Hwang M., Li L. (2000) A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(1): 28–30

  7. Vergados D., Stergiou G. (2007) An authentication scheme for ad-hoc networks using threshold secret sharing. Wireless Personal Communications 43(4): 1767–1780

  8. Tchepnda C., Moustafa H., Labiod H., Bourdon G. (2009) On analyzing the potential of a layer-2 multi-hop authentication and credential delivery scheme for vehicular communications. Wireless Personal Communications 51(1): 31–52

  9. Phan R., Wu J., Ouafi K., Stinson D. (2011) Privacy analysis of forward and backward untraceable RFID authentication schemes. Wireless Personal Communications 61(1): 69–81

  10. He D., Chen J., Hu J. (2011) Further improvement of Juang et al.’s password-authenticated key agreement scheme using smart cards. Kuwait Journal of Science & Engineering 38(2A): 55–68

  11. He D., Chen J., Hu J. (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Information Fusion 13(3): 223–230

  12. He D., Chen J., Zhang R. (2012) A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems 36(3): 1989–1995

  13. He, D., Chen, J., & Chen, Y. (2012). A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks. doi:10.1002/sec.506.

  14. He, D., Chen, Y., & Chen, J. (2012). Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics. doi:10.1007/s11071-012-0335-0.

  15. Wang, B., & Ma, M. (2012). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications. doi:10.1007/s11277-011-0456-7.

  16. He D., Wu S., Chen J. (2012) Note on ‘Design of improved password authentication and update scheme based on elliptic curve cryptography’. Mathematical and Computer Modelling 55(3–4): 1661–1664

  17. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology (CRYPTO 99) (pp. 388–397).

  18. Messerges T., Dabbish E., Sloan R. (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5): 541–552

  19. Pu, Q. (2011). Weaknesses of SIP authentication scheme for converged VoIP networks. http://eprint.iacr.org/2010/464

Author information

Corresponding author

Correspondence to Debiao He.

About this article

Cite this article

He, D., Wu, S. Security Flaws in a Smart Card Based Authentication Scheme for Multi-server Environment. Wireless Pers Commun 70, 323–329 (2013). https://doi.org/10.1007/s11277-012-0696-1

  • DOI: https://doi.org/10.1007/s11277-012-0696-1