Security Analysis of an Efficient Smart Card-Based Remote User Authentication Scheme Using Hash Function
In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics and the smart card have been proposed in the literature. In 2012, Sonwanshi et al. proposed a password-based remote user authentication scheme using smart card, which uses the hash function and bitwise XOR operation. Their scheme is very efficient because of the usage of efficient one-way hash function and bitwise XOR operations. They claimed that their scheme is secure against several known attacks. Unfortunately, in this paper we find that their scheme has several vulnerabilities including the offline password guessing attack and stolen smart card attack. In addition, we show that their scheme fails to protect strong replay attack.
KeywordsCryptanalysis Password Remote user authentication Smart card Security Hash function
Unable to display preview. Download preview PDF.
- 1.Secure Hash Standard, FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce (April 1995)Google Scholar
- 9.Sonwanshi, S.S., Ahirwal, R.R., Jain, Y.K.: An Efficient Smart Card based Remote User Authentication Scheme using hash function. In: Proceedings of IEEE SCEECS 2012, pp. 1–4 (March 2012)Google Scholar