International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Cryptanalysis of an ID-based Password Authentication Scheme using Smart Cards and Fingerprints

Authors:
M. Scott
Download:
URL: http://eprint.iacr.org/2004/017
Search ePrint
Search Google
Abstract: In a paper recently published in the ACM Operating Systems Review, Kim, Lee and Yoo \cite{kim-lee-yoo} describe two ID-based password authentication schemes for logging onto a remote network server using smart cards, passwords and fingerprints. Various claims are made regarding the security of the schemes, but no proof is offered. Here we show how a passive eavesdropper, without access to any smart card, password or fingerprint, and after passively eavesdropping only one legitimate log-on, can subsequently log-on to the server claiming any identity.
BibTeX
@misc{eprint-2004-11993,
  title={Cryptanalysis of an ID-based Password Authentication Scheme using Smart Cards and Fingerprints},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / cryptanalysis,  ID-based methods, password authentication, smart cards},
  url={http://eprint.iacr.org/2004/017},
  note={ mike@computing.dcu.ie 12443 received 26 Jan 2004},
  author={M. Scott},
  year=2004
}