Security analysis of two remote user authentication protocols in smartcard environment

Research output: Contribution to conference › Paper › peer-review

Abstract

These days, the smartcard is an indispensable part of everybody's life. People have come to depend on smartcard applications for various purposes including payment, identification, etc. As a result, providing adequate security for smartcard applications is critical. In 2007, Liao and Wang proposed an authentication protocol using a smart card application and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. Subsequently, Hsiang and Shih presented several weaknesses in Liao and Wang's protocol and proposed an improved protocol that addresses these weaknesses. In this paper, we point out that the Liao-Wang protocol is vulnerable to an insider attack by presenting a simple method for a malicious server to impersonate any user authenticating to the server. We also demonstrate that user anonymity can be violated, as colluding servers can easily track the activities of users. These weaknesses were not mentioned in Hsiang and Shih's paper. We also show that our attacks are still applicable to Hsiang and Shih's improved protocol.

Original language: British English
Pages: 50-55
Number of pages: 6
State: Published - 2010
Event: Triangle Symposium on Advanced ICT 2010, TriSAI 2010 - Beijing, China
Duration: 25 Oct 2010 - 27 Oct 2010

Conference

Conference: Triangle Symposium on Advanced ICT 2010, TriSAI 2010
Country/Territory: China
City: Beijing
Period: 25/10/10 - 27/10/10
