Security analysis of a nonce-based user authentication scheme using smart cards

Junghyun Nam, Seungjoo Kim, Sangjoon Park, Dongho Won

Research output: Contribution to journalArticlepeer-review

29 Citations (Scopus)


A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.

Original languageEnglish
Pages (from-to)299-302
Number of pages4
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Issue number1
Publication statusPublished - 2007 Jan
Externally publishedYes


  • Authentication scheme
  • Denial of service attack
  • Distributed system
  • Parallel session attack
  • Password
  • Smart card

ASJC Scopus subject areas

  • Signal Processing
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
  • Applied Mathematics


Dive into the research topics of 'Security analysis of a nonce-based user authentication scheme using smart cards'. Together they form a unique fingerprint.

Cite this