Cryptanalysis of a remote login authentication scheme

doi:10.1016/S0140-3664(99)00036-5

Computer Communications

Volume 22, Issue 8, 25 May 1999, Pages 742-744

https://doi.org/10.1016/S0140-3664(99)00036-5 Get rights and content

Abstract

In this article, we present a cryptanalysis of Wu’s proposed efficient remote login authentication scheme which is based on simple geometric properties on the Euclidean plane. We show that the scheme contains pitfalls in the authentication phase.

Introduction

In 1995, Wu proposed an efficient remote login authentication scheme [1] which is based on simple geometric properties on the Euclidean plane. Wu’s scheme is much simpler to implement than other remote login authentication schemes. The main advantage of this scheme is that users can choose and freely change their passwords, and the proposed system does not need verification tables for authenticating login requests.

Wu claimed that the security of his scheme is based on the shared line L_i constructed in the registration phase. However, if an illegal user has the ability to reconstruct L_i, then he can impersonate a legal user by forging a valid authentic message and replaying it to pass the check in the authentication phase. In this article, we show that an illegal user may intercept a valid login request and replay it later to impersonate a legal user.

Section snippets

The weakness of Wu’s scheme

The proposed remote login authentication scheme is based on simple geometric properties on the Euclidean plane [1]. It is divided into three phases: registration, login, and authentication. The registration phase is completed by the central authority (CA), whose main role is to deliver a smart card to each registered user. The smart card contains four public parameters, denoted as ID_i, f, P, and A_i, which are used in the login and authentication phases. The parameters are defined as follows:

•
ID_i

Conclusions

In this article, we presented a cryptanalysis of Wu’s remote login authentication scheme. We have shown that an illegal user can easily intercept a valid login request and replay it later to impersonate a legal user in the authentication phase.

References (2)

T.C. Wu
Remote login authentication scheme based on a geometric approach
Comput. Commun.
(1995)
L. Lamport
Password authentication with insecure communication
Commun. ACM
(1981)

Cited by (75)

Smart card based remote user authentication schemes: A survey
2012, Procedia Engineering
In recent years, a new technology has come into picturefor remote user authentication (RUA) in which the remote server verifies the legitimacy and authenticity of a user over an insecure communication channel using biometrics. Because of their computational cost and convenient portability for thepurpose of authentication, remote user authentication scheme based on smart cards is widely adopted. Mutual authentication and communication privacy are considered as the essential requirements in today's client-server architecture. Therefore in this paper, a survey on RUA scheme is done by analyzing and classifying the existing schemes accordingly. The existing schemes have several security pitfalls and are vulnerable to many attacks. Thus they fail to serve all the purposes of an ideal RUA scheme. An ideal RUA scheme should inherit all the security advantages of the existing schemes. In this paper, all possible goals and attacks are defined that an ideal RUA scheme should achieve and withstand respectively. Thus the main contribution of the paper is to come up with an ideal RUA scheme while keeping the merits of the well-known smart card based authentication schemes.
Enhancing the cloud security using side channel attack free QKD with entangled fuzzy logic
2022, Journal of Intelligent and Fuzzy Systems
Geometric authentication mechanism for enhancing security in IoT environment
2021, Symmetry
Literature review of authentication layer for public cloud computing: A meta-analysis
2019, Journal of Theoretical and Applied Information Technology
Design and analysis of an enhanced multifactor authentication through a covert approach
2019, Studies in Computational Intelligence
A password authentication method for remote users based on smart card and biometrics
2017, Journal of Discrete Mathematical Sciences and Cryptography

View all citing articles on Scopus

^☆: This research was partially supported by the National Science Council, Taiwan, R.O.C., under contract no.: NSC88-2213-E-324-002.

View full text

Research noteCryptanalysis of a remote login authentication scheme☆

Abstract

Introduction

Section snippets

The weakness of Wu’s scheme

Conclusions

Comput. Commun.

Password authentication with insecure communication

Commun. ACM

Research note
Cryptanalysis of a remote login authentication scheme☆