Abstract—Remote User authentication scheme is commonly used for communication between authorized remote users over insecure network. Due to its simplicity and convenience, it is widely used in many environments such as E-commerce or remote host login. In recent years, several remote user authentication schemes using smart card have been proposed. Recently, Huang et al. proposed a timestamp-based user authentication scheme with smart card. They claimed that their scheme can resist off-line password guessing attack. However, there is some vulnerability Huang et al.’s scheme that we find their scheme cannot resist the off-line password guessing attack and it cannot detect the wrong password in login phase, and also insecure for changing the user’s password in password change phase. In this paper, we conduct detailed analysis of flaws in Huang et al.’s scheme.
Index Terms—Remote user authentication scheme, smart
card, password, security.
The authors are with the School of Information and Communication
Engineering, Sungkyunkwan University, Korea (e-mail:
jwjung@security.re.kr, yschoi@security.re.kr, dhlee@security.re.kr,
jykim@security.re.kr, dhwon@security.re.kr).
Cite: Jaewook Jung, Younsung Choi, Donghoon Lee, Jiye Kim, and Dongho Won, "Security Weaknesses of a Timestamp-Based User Authentication Scheme with Smart Card," International Journal of Information and Education Technology vol. 5, no. 7, pp. 553-556, 2015.