On the Security of ``an efficient and complete remote user authentication scheme''
Abstract
Recently, Liaw et al. proposed a remote user authentication scheme using smart cards. Their scheme has claimed a number of features e.g. mutual authentication, no clock synchronization, no verifier table, flexible user password change, etc. We show that Liaw et al.'s scheme is completely insecure. By intercepting a valid login message in Liaw et al.'s scheme, any unregistered user or adversary can easily login to the remote system and establish a session key.
0
Turn this paper into a lesson
ArcXiv compiles a structured reading guide from this paper's metadata: plain-English importance, contributions, prerequisite concepts, which sections to read first, flashcards, and a quiz. Grounded in the abstract, never invented.