×

Security enhancement of an IC-card-based remote login mechanism. (English) Zbl 1118.68475

Summary: C. T. Wang, C. C. Chang and C. H.Lin [“Using IC cards to remotely login passwords without verification tables”, in: Proc. 18th International Conference on Advanced Information Networking and Applications, Fukuoka, Japan, Vol. 1, 321–326 (2004)] presented a remote password authentication scheme using IC (Integrated Circuit) cards in 2004. Unfortunately, we discovered that their scheme is unable to withstand the forgery attack. We consequently propose in this paper a novel version to resist this kind of attacks. Furthermore, our scheme can also provide mutual authentication between a remote server and login users. The security of our scheme is based on the public one-way hash function. What is more, the timestamp mechanism is applied in our scheme to protect such potential attacks in the case that an intruder may replay a previously intercepted login request to access the remote server.

MSC:

68P25 Data encryption (aspects in computer science)
68M10 Network design and communication in computer systems
PDFBibTeX XMLCite
Full Text: DOI