Abstract
Elaborating on the merits of elliptic curve cryptosystems, smart cards, and secret sharing schemes, Wu recently proposed a smart card access control with threshold scheme, in which any k out of n users can cooperatively use their authenticated smart cards to unlock an access facility such as a door. By authenticating and recording the login requests submitted by the smart cards, Wu's scheme can establish a complete on-line audit trail of all entry or exit events on a remote computer. In addition, Wu's scheme can achieve user friendliness, mutual authentication, cheating detection, and cheater identification. This paper, however, will show that Wu's scheme is vulnerable to the off-line password guessing attack, the impersonation attack, and the man-in-the-middle attack. Hence, Wu's scheme cannot achieve his claimed security requirements.
Original language | English |
---|---|
Pages (from-to) | 367-372 |
Number of pages | 6 |
Journal | Computer Systems Science and Engineering |
Volume | 23 |
Issue number | 6 |
State | Published - 11 2008 |
Externally published | Yes |
Keywords
- Access control
- Cryptanalysis
- Elliptic curve cryptosystem
- Password
- Smart card