Recently, Hsiang et al. proposed a remote user authentication scheme suited for multi-server environments, in which users can be authenticated anonymously using a smart card. This work reviews Hsiang et al.'s scheme and provides a security analysis of it. Our analysis shows that the scheme fails to achieve its fundamental goals: it provides neither authentication of any kind (server-to-user or user-to-server) nor password security. The contribution of the current work is to demonstrate this by mounting two attacks on Hsiang et al.'s scheme, a server impersonation attack and a user impersonation attack. In addition, we demonstrate, by employing an off-line dictionary attack, that their scheme does not provide two-factor security, which guarantees the security of the scheme when either the user's smart card or its password is stolen, but not both. © 2011 Springer-Verlag.
CITATION STYLE
Lee, Y., Kim, J., & Won, D. (2011). Cryptanalysis to a remote user authentication scheme using smart cards for multi-server environment. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6771 LNCS, pp. 321–329). https://doi.org/10.1007/978-3-642-21793-7_36