Cryptanalysis of Yang-Wang-Chang’s password authentication scheme with smart cards

In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh’s legendary timestamp-based remote authentication scheme using smart cards. After analyzing the improved scheme proposed by Yang-Wang-Chang, we have fo...

Full description

Bibliographic Details
Main Authors: Pathan, Al-Sakib Khan, Hong, Choong Seon
Format: Conference or Workshop Item
Language:English
Published: 2008
Subjects:
Online Access:http://irep.iium.edu.my/730/
http://irep.iium.edu.my/730/
http://irep.iium.edu.my/730/1/Cryptanalysis_of_Yang-Wang-Chang_s_Password_Authentication_Scheme_with_Smart_Cards.pdf
Description
Summary:In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh’s legendary timestamp-based remote authentication scheme using smart cards. After analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that their scheme is still insecure and vulnerable to four types of forgery attacks. Hence, in this paper, we prove that, their claim that their scheme is intractable is incorrect. Also, we show that even an attack based on Sun et al.’s attack could be launched against their scheme which they claimed to resolve with their proposal.