Security weaknesses in Chang and Wu's key agreement protocol for a multi-server environment

IEEE International Conference on e-Business Engineering, ICEBE'08 - Workshops: AiR'08, EM2I'08, SOAIC'08, SOKM'08, BIMA'08, DKEEE'08

Volumn , Issue , 2008, Pages 308-314

  Lee, Youngsook ^a   Won, Dongho ^a  

^a Sungkyunkwan University   (South Korea)

Author keywords

[No Author keywords available]

Indexed keywords

SECURITY OF DATA;

IMPERSONATION ATTACKS; KEY AGREEMENT PROTOCOLS; MUTUAL AUTHENTICATIONS; PASSWORD GUESSING; PASSWORD SECURITIES; PERFECT FORWARD SECRECIES; SECURITY ANALYSES; SECURITY FLAWS; SECURITY WEAKNESSES;

ELECTRONIC COMMERCE;

EID: 58149093185     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICEBE.2008.56     Document Type: Conference Paper

References (29)

1. Anti-Phishing Working Group (http://www.antiphishing.org).
2. R. Bird, I. Gopal, A. Herzberg, P. A. Janson, S. Kutten, R. Molva, and M. Yung. Systematic design of a family of attack-resistant authentication protocols. IEEE Journal on Selected Areas in Communications, 11(5):679-693, 1993.
3. U. Carlsen. Cryptographic protocol flaws: know your enemy. Proceedings of the 7th IEEE Computer Security Foundations Workshop, pages 192-200, 1994.
4. C.-C. Chang and C.-C. Wu. A novel key agreement scheme in a multiple server environment. 7th International Workshop, Workshop on Information Security Applications (WISA 2006), LNCS, 4298:187-197, 2007.
5. C.-C. Chang and T.-C. Wu. Remote password authentication with smart cards. IEE Proceedings E - Computers and Digital Techniques, 138(3): 165-168, 1991.
6. H.-Y. Chien, J.-K. Jan, and Y.-M. Tseng. An efficient and practical solution to remote authentication: smart card. Computers & Security, 21(4):372-375, 2002.
7. K.-K. R. Choo. Provably-secure mutual authentication and key establishment protocols lounge. Available from: (http://sky.flt.qut.edu.au/ choo/lounge.html), 2006.
8. W. Diffie, P. C. van Oorschot, and M. J. Wiener. Authentication and authenticated key exchange. Designs, Codes and Cryptography, 2(2): 107-125, 1992.
9. C.-L. Hsu. Security of chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces, 26(3):167-169, 2004.
10. M.-S. Hwang and L.-H. Li. Security of chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces, 26(3):167-169, 2004.
11. M.-S. Hwang, L.-H. Li, and Y.-L. Tang. A simple remote user authentication.
12. Z. Jun, Z. Yu, M. Fanyuan, G. Dawu, and B. Yingcai. An extension of secure group communication using key graph. Information Sciences, 176(20):3060-3078, 2006.
13. J. Katz and M. Yung. Scalable protocols for authenticated group key exchange. Proceedings of Advances in Cryptology (CRYPTO 2003), LNCS, 2729(20):110-125, 2003.
14. P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. Proceedings of Advances in Cryptology (CRYPTO 1999), pages 388-397, 1999.
15. W.-C. Ku, S.-T. Chang, and M.-H. Chiang. Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture. IEICE Trans. on Commmunications, E88-B(8):3451-3454, 2005.
16. L. Lamport. Password authentication with insecure communication. Communications of the ACM, 24(11):770-772, 1981.
17. L.-H. Li, I.-C. Lin, and M.-S. Hwang. A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. on Neural Networks, 12(6), 2001.
18. I.-C. Lin, M.-S. Hwang, and L.-H. Li. A new remote user authentication scheme for multi-server internet environments. Future Generation Computer System, 19:13-22, 2003.
19. J. Liu, J. Liao, and X. Zhu. A password-based authentication and key establishment scheme for mobile environment. Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW 2007), 2:99-104, 2007.
20. G. Lowe. An attack on the needham-schroeder public-key authentication protocol. Information Processing Letters, 56(3):131-133, 1995.
21. T.-S. Messerges, E.-A. Dabbish, and R.-H. Sloan. Examining smart card security under the threat of power analysis attacks. IEEE Trans. on Computers, 51(5):541-552, 2002.
22. J. Nam, Y. Lee, S. Kim, and D. Won. Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Information Sciences, 177(6): 1364-1375, 2007.
23. K.-A. Shim and S. Woo. Cryptanalysis of tripartite and multi-party authenticated key agreement protocols. Information Sciences, 177(4): 1143-1151, 2007.
24. H.-M. Sun. An efficient remote user authentication scheme using smart cards. IEEE Trans. on Consumer Electronics, 46(4):958-961, 2000.
25. X. Tian, R. W. Zhu, and D. S. Wong. Improved efficient remote user authentication schemes. International Journal of Network Security, 4(2):149-154, 2007.
26. W.-J. Tsaur, C.-C. Wu, and W.-B. Lee. A smart card-based remote scheme for password authentication in multi-server internet services. Computer Standards & Interfaces, 27:39-51, 2004.
27. W.-H. Yang and S.-R Shieh. Password authentication schemes with smart card. Computers & Security, 18(8):727-733, 1999.
28. E.-J. Yoon, W.-H. Kim, and K.-Y. Yoo. Security enhancement for password authentication schemes with smart cards. Proceedings of the 2nd International Conference on Trust, Privacy, and Security in Digital Business (TrustBus 2005), LNCS, 3592:90-99, 2005.
29. E.-J. Yoon, E.-K. Ryu, and K.-Y. Yoo. An improvement of hwang-lee-tang's simple remote user authentication scheme. Computers & Security, 24(l):50-56, 2005.