Sciweavers

IJNSEC
2008

New Cryptanalysis Paradigm on a Nonce-based Mutual Authentication Scheme

13 years 11 months ago
New Cryptanalysis Paradigm on a Nonce-based Mutual Authentication Scheme
In 2005, Lee, Kim, and Yoo proposed a nonce-based mutual authentication scheme using smart cards. However, this paper demonstrates that Lee-Kim-Yoo's scheme is vulnerable to an impersonation attack that the attacker without knowing the remote user's any secret can masquerade as him by obtaining the valid authentication message from any normal session between the remote user and the system. Our purpose is to emphasize that it is dangerous that the remote user and the system separately implement their authentication operations without any logical relation to achieve the mutual authentication. Furthermore, we suggest that the tool of matching conversations would be useful as a sanity check to find this kind of the security breach.
Da-Zhi Sun, Zhen-Fu Cao
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2008
Where IJNSEC
Authors Da-Zhi Sun, Zhen-Fu Cao
Comments (0)