Vulnerabilities in a Two-Factor User Authentication in Multi-server Networks Protocol
Multi-server authentication schemes allow users to register to a registration center once in order to get services offered by multiple servers. Many of the protocols for multi-server environment make use of a smart card and most of them are vulnerable to a smart card loss attack which allows adversaries to get sensible information and carry on various efficient attacks. In this paper we focus on a smart-card based multi-server authentication scheme which is claimed to withstand some usual attacks for this kind of protocol. Unfortunately, the authors do not provide a formal security analysis of the proposed protocol and therefore, we show that it is vulnerable to online password guessing, impersonation attacks and most important, session key disclosure.
Keywordsmulti-server authentication impersonation attacks online password guessing hash function
Unable to display preview. Download preview PDF.
- 7.Chang, C.C., Cheng, T.F.: A robust and efficient smart card based remote login mechanism for multi-server architecture. International Journal of Innovative Computing, Information and Control 7(8), 4589–4602 (2011)Google Scholar
- 8.Li, C.T., Weng, C.Y., Fan, C.I.: Two-factor user authentication in multi-server networks. International Journal of Security & Its Applications 6(2) (2012)Google Scholar
- 11.The AVISPA project, http://www.avispa-project.org/