Abstract—A two-factor remote authentication scheme was
presented by Chun-Ta Li et al. in 2010. We present the
framework of an impersonation attack against their scheme if
the smart card gets stolen. We show that it is easy for an
attacker to compute password of a user by using information
extracted from the stolen smart card. We also propose a simple
and easy solution to fix this problem.
Index Terms—Authentication schemes, cryptanalysis,
mutual authentication, smart card.
The authors are with the Department of Computer Science, COMSATS
Institute of Information Technology, Islamabad, Pakistan (e-mail:
sajida.kalsoom@gmail.com, sheikh.ziauddin@comsats.edu.pk ).
Cite:Sajida Kalsoom and Sheikh Ziauddin, "Cryptanalysis and Improvement of a Two-Factor User Authentication Scheme Providing Mutual Authentication and Key Agreement over Insecure Channels," International Journal of Machine Learning and Computing vol.3, no. 5, pp. 400-403, 2013.