Download now Free registration required
In 2005, Lee, Kim, and Yoo proposed a nonce-based mutual authentication scheme using smart cards. However, this paper demonstrates that Lee-Kim-Yoo's scheme is vulnerable to an impersonation attack that the attacker without knowing the remote user's any secret can masquerade as him by obtaining the valid authentication message from any normal session between the remote user and the system. The authors' purpose is to emphasize that it is dangerous that the remote user and the system separately implement their authentication operations without any logical relation to achieve the mutual authentication. Furthermore, they suggest that the tool of matching conversations would be useful as a sanity check to find this kind of the security breach.
- Format: PDF
- Size: 95 KB