Cryptanalysis of Two-Factor Authenticated Key Exchange Protocol in Public Wireless LANs

In Public Wireless LANs(PWLANs), user anonymity is an essential issue. Recently, Juang et al. proposed an anonymous authentication and key exchange protocol using smart cards in PWLANs. They claimed that their proposed scheme provided identity privacy, mutual authentication, and half-forward secrecy. In this paper, we point out that Juang et al.'s protocol is vulnerable to the stolen-verifier attack and does not satisfy user anonymity.

Authors:

• Hyunseung Lee
• Donghyun Choi
• Yunho Lee
• Dongho Won
• Seungjoo Kim

Keywords:

• PWLANs
• user privacy
• smart card
• authentication
• key exchange

References:

[1] Lamport L. "Password authentication with insecure communication,"
Communications of the ACM, 1981;24(11):770-.2.
[2] Awasthi A, Lal S. "A remote user authentication scheme using smart
cards with forward secrecy," IEEE Trans. Consumer Electronic,
2003;49(4):1246-.8.
[3] Awasthi A, Lal S. "An enhanced remote user authentication scheme using
smart cards," IEEE Trans. Consumer Electronic, 2004;50(2):583-.6.
[4] Juang W. "Efficient password authenticated key agreement using smart
card," Computers & Security, 2004;23:167-.73.
[5] Ku W, Chen S. "Weaknesses and improvements of an efficient password
based remote user authentication scheme using smart cards," IEEE Trans.
Consumer Electronic, 2004;50(1):204-.7.
[6] Kumar M. "New remote user authentication scheme using smart cards,"
IEEE Trans. Consumer Electronic, 2004;50(2):597-.600.
[7] Kwon T, Park Y, Lee H. "Security analysis and improvement of the
efficient password-based authentication protocol," IEEE
Communications Letters, 2005;9(1):93-.5.
[8] Park Y, Park S. "Two factor authenticated key exchange (TAKE)
protocol in public wireless LANs," IEICE Trans. Communications
2004;E87-B(5):1382-.5.
[9] Sun H. "An efficient use authentication scheme using smart cards," IEEE
Trans. Consumer Electronic, 2000;46(4):958-.61.
[10] Wang X, Zhang W, Zhang J, Khan M. "Cryptanalysis and improvement
on two efficient remote user authentication scheme using smart cards,"
Computer Standards & Interfaces, 2007;29(5):507-.12.
[11] Yang C, Hwang M. "Cryptanalysis of simple authenticated key
agreement protocols," IEICE Trans. Communications,
2004;E87-A(8):2174-.6.
[12] Yang C, Wang R. "Cryptanalysis of a user friendly remote authentication
scheme with smart cards," Computer Security, 2004;23:425-.7.
[13] Zhenchuan Chai, Zhenfu Cao, Rongxing Lu, "Efficient Password-Based
Authentication and Key Exchange Scheme Preserving User Privacy,"
Wireless Algorithms, Systems, and Applications 2006, Vol. 4138, pp.
467-477.
[14] Young Man PARK, Sang Kyu PARK, "Two factor authenticated key
exchange(TAKE) protocol in public wireless LANs," IEICE Trans.
Communications, 2004, E87-B(5), pp. 1382-1385.
[15] Wen-Shenq Juang, Jing-Lin Wu, "Two efficient two-factor authenticated
key exchange protocols in public wireless LANs," Computers and
Electrical Engineering, 2008, Vol. 10, pp. 1-8.
[16] Tzu-Chang YEH , Hsiao-Yun SHEN, Jing-Jang HWANG, "A Secure
One-Time Password Authentication Scheme Using Smart Cards," 2002,
Vol.E85-B No.11, pp.2515-2518.