Design Flaws and Cryptanalysis of Cui et al’s User Authentication Scheme (Cui 등의 사용자 인증 스킴의 설계 오류와 안전성 분석)

Mi-Og Park (박미옥)

doi:10.9708/jksci.2019.24.10.041

Design Flaws and Cryptanalysis of Cui et al’s User Authentication Scheme

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2019, 24(10), pp.41-48
DOI : 10.9708/jksci.2019.24.10.041
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : August 29, 2019
Accepted : October 21, 2019
Published : October 31, 2019

Mi-Og Park ¹

¹성결대학교

Accredited

ABSTRACT

In 2018, Cui et al proposed a three-factor remote user authentication scheme using biometrics. Cui et al claimed that their authentication scheme is vulnerable to eavesdropping attack, stolen smart card attack, and especially Dos(denial-of-service) attack. Also they claimed that it is safe to password guessing attack, impersonation attack, and anonymity attack. In this paper, however, we analyze Cui et al’s authentication scheme and show that it is vulnerable to replay attack, insider attack, stolen smart card attack, and user impersonation attack, etc. In addition, we present the design flaws in Cui et al’s authentication scheme as well.

KEYWORDS

User authentication, Biometrics, Stolen smart-card attack, Dynamic identity

Citation status

* References for papers published after 2023 are currently being built.

[journal] Y. J. Liu / 2017 / An Efficient and Secure Smart Card Based Password Authentication Scheme / International Journal of Network Security 19(1) : 1~10

[journal] P. Chandrakar / 2018 / An Efficient Two-Factor Remote User Authentication and Session Key Agreement Scheme Using Rabin Cryptosystem / Arabian Journal for Science and Engineering 43(2) : 661~673

[journal] 최윤성 / 2018 / Security Enhanced Anonymous Two Factor Mutual Authentication Scheme with Key Agreement / 디지털콘텐츠학회논문지 / 한국디지털콘텐츠학회 19(12) : 2415~2422

[journal] W. Zheng / 2018 / Lightweight Certificateless Two-Factor Authentication Protocol Using Smart Cards / Journal of Internet Technology 19(7) : 2227~2234

[journal] A. K. Das / 2011 / Analysis and Improvement on an efficient biometric-based remote user authentication scheme using smart cards / IET Information Security 5(3) : 541~552

[journal] 안영화 / 2012 / Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 17(2) : 159~166

[journal] Y. An / 2012 / Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards / Journal of Biomedicine and Biotechnology 2012 : 1~6

[confproc] S. Ibjaoun / 2016 / Analysis and enhancements of an efficient biometric based remote user authentication scheme using smart cards / 2016IEEE/ACS 13th International Conference of Computer Systems and Applications

[confproc] J. Cui / 2018 / A Biometrics-Based Remote User Authentication Scheme Using Smart Cards / 3rd International Conference on Computer and Communication Systems 2018 : 531~542

[journal] K. P. Xue / 2014 / A Lightweight Dynamic Pseudonym Identity based Authentication and Key Agreement Protocol without Verification Tables for Multi-server Architecture / Journal Computer and System Sciences 80(1) : 195~206

[journal] D. B. He / 2015 / Robust Biometrics-based Authentication Scheme for Multi Server Environment / IEEE System Journal 9(3) : 816~823

[journal] X. Li / 2011 / Cryptanalysis and Improvement of a Biometrics-based Remote User Authentication Scheme using Smart Cards / Journal of Network and Computer Applications 34(1) : 76~79

[journal] C. T. Li / 2010 / An Efficient Biometrics-based Remote User Authentication Scheme using Smart Cards / Journal of Network and Computer Applications 33(1) : 1~5

[journal] V. Odelu / 2015 / A Secure Biometrics-based Multi-server Authentication Protocol using Smart Cards / IEEE Transactions on Information Forensics and Security 10(9) : 1953~1966

[journal] Z. Zheng / 2010 / A Hybrid Password Authentication Scheme Based on Shape and Text / Journal of Computers 5(5) : 765~772

[journal] Y. S. Choi / 2014 / Security Enhanced Anonymous Multi Server Authenticated Key Agreement Scheme using Smart Cards and Biometrics / Scientific World Journal 2014 : 1~15

[journal] Mingping Qi / 2018 / A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC / Computer Methods and Programs in Biomedicine / Elsevier BV 164 : 101~109

[journal] W. S. Juang / 2004 / Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards / IEEE Transactions on Consumer Electronics 50(1) : 251~255

[confproc] W.J. Tsuar / 2001 / A Flexible User Authentication for Multi-server Internet Services / Networking —ICN 2001 First International Conference on Networking 2001 2094 : 174~183

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Design Flaws and Cryptanalysis of Cui et al’s User Authentication Scheme

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Design Flaws and Cryptanalysis of Cui et al’s User Authentication Scheme

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (1)

REFERENCES (19) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.