Abstract
Elaborating on the merits of elliptic curve cryptosystems, smart cards, and secret sharing schemes, Wu recently proposed a smart card access control with threshold scheme, in which any k out of n users can cooperatively use their authenticated smart cards to unlock an access facility such as a door. By authenticating and recording the login requests submitted by the smart cards, Wu's scheme can establish a complete on-line audit trail of all entry or exit events on a remote computer. In addition, Wu's scheme can achieve user friendliness, mutual authentication, cheating detection, and cheater identification. This paper, however, will show that Wu's scheme is vulnerable to the off-line password guessing attack, the impersonation attack, and the man-in-the-middle attack. Hence, Wu's scheme cannot achieve his claimed security requirements.
| Original language | English |
|---|---|
| Pages (from-to) | 367-372 |
| Number of pages | 6 |
| Journal | Computer Systems Science and Engineering |
| Volume | 23 |
| Issue number | 6 |
| State | Published - 11 2008 |
| Externally published | Yes |
Keywords
- Access control
- Cryptanalysis
- Elliptic curve cryptosystem
- Password
- Smart card