“使用移动设备的远程认证方案”的进一步密码分析

2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN) Pub Date : 2012-11-01 DOI:10.1109/CASoN.2012.6412408

M. Khan, S. Kumari, M. Gupta

{"title":"“使用移动设备的远程认证方案”的进一步密码分析","authors":"M. Khan, S. Kumari, M. Gupta","doi":"10.1109/CASoN.2012.6412408","DOIUrl":null,"url":null,"abstract":"In 2008, Khan et al. proposed a remote user authentication scheme on mobile device, using hash-function and fingerprint biometric. In 2010, Chen et al. discussed some security weaknesses of Khan et al.'s scheme and subsequently proposed an improved scheme. Recently, Truong et al. have demonstrated that in Chen et al.'s scheme, an adversary can successfully replay an intercepted login request. They also showed how an adversary can cheat both the legal participants, by taking advantage of the fact that the scheme does not provide anonymity to the user. In this paper, we show that Chen et al.'s scheme suffers from some additional drawbacks which were not presented by Truong et al. in its analysis.","PeriodicalId":431370,"journal":{"name":"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Further cryptanalysis of ‘A remote authentication scheme using mobile device’\",\"authors\":\"M. Khan, S. Kumari, M. Gupta\",\"doi\":\"10.1109/CASoN.2012.6412408\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In 2008, Khan et al. proposed a remote user authentication scheme on mobile device, using hash-function and fingerprint biometric. In 2010, Chen et al. discussed some security weaknesses of Khan et al.'s scheme and subsequently proposed an improved scheme. Recently, Truong et al. have demonstrated that in Chen et al.'s scheme, an adversary can successfully replay an intercepted login request. They also showed how an adversary can cheat both the legal participants, by taking advantage of the fact that the scheme does not provide anonymity to the user. In this paper, we show that Chen et al.'s scheme suffers from some additional drawbacks which were not presented by Truong et al. in its analysis.\",\"PeriodicalId\":431370,\"journal\":{\"name\":\"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CASoN.2012.6412408\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CASoN.2012.6412408","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

2008年，Khan等人利用哈希函数和指纹生物识别技术在移动设备上提出了一种远程用户认证方案。2010年，Chen等人讨论了Khan等人方案的一些安全弱点，随后提出了一种改进方案。最近，Truong等人已经证明，在Chen等人的方案中，攻击者可以成功地重放被截获的登录请求。他们还展示了对手如何利用该方案不向用户提供匿名性的事实来欺骗合法参与者。在本文中，我们表明Chen等人的方案存在一些Truong等人在其分析中没有提出的额外缺陷。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Further cryptanalysis of ‘A remote authentication scheme using mobile device’

In 2008, Khan et al. proposed a remote user authentication scheme on mobile device, using hash-function and fingerprint biometric. In 2010, Chen et al. discussed some security weaknesses of Khan et al.'s scheme and subsequently proposed an improved scheme. Recently, Truong et al. have demonstrated that in Chen et al.'s scheme, an adversary can successfully replay an intercepted login request. They also showed how an adversary can cheat both the legal participants, by taking advantage of the fact that the scheme does not provide anonymity to the user. In this paper, we show that Chen et al.'s scheme suffers from some additional drawbacks which were not presented by Truong et al. in its analysis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)

自引率

0.00%

发文量

期刊最新文献

Boosting Optimum-Path Forest clustering through harmony Search and its applications for intrusion detection in computer networks Graph-based cross-validated committees ensembles Automatic sentiment analysis of Twitter messages Identifying focal patterns in social networks Ontology-based Negotiation of security requirements in cloud