Cryptanalysis of Song's Advanced Smart Card Based Password Authentication Protocol
Source: University of Würzburg
Remote user authentication is a central problem in network security. In a seminal paper, Lamport proposed in 1981 a password-based scheme using hash chains. This scheme was later refined and used in a number of applications, notably Haller's famous S/KEY one-time password system. Similar protocols based on smart cards gained some popularity shortly after that. In such schemes, the user is provided with a card and a password as identification tokens. When the user wishes to connect to the server, she provides the card with her password, which is used to construct a login message that is sent to the server to be validated.