Cryptanalysis of A Secure Remote User Authentication Scheme Using Smart Cards
This work highlights security flaws in a proposed authentication scheme, which is incremental as it critiques an existing method rather than introducing a new one.
The paper identifies vulnerabilities in a recent smart card authentication scheme by Karuppiah and Saravanan, showing it fails to prevent replay attacks and has a fault in the login phase, making it unsuitable for practical applications.
Smart card based authentication schemes are used in various fields like e-banking, e-commerce, wireless sensor networks, medical system and so on to authenticate the both remote user and the application server during the communication via internet. Recently, Karuppiah and Saravanan proposed an authentication scheme which is based on password and one-way cryptographic hash function. They have used a secure identity mechanism i.e., users' and server's identity are not public. Thus, the user and the server do not send their identity directly to each other during communications. In this paper, we have found out that their scheme does not overcome the reply attack and also there is a fault in the login phase, which makes their scheme is not perfect for practical use.