There are many mutual authentication schemes proposed in the literature for preventing unauthorized parties from accessing resources in an insecure environment. However, most of them based on smart cards have assumed a tamper resistant condition for the smart card. To solve the problem, Huang, Liu, and Chen (2013) proposed a mutual authentication scheme based on nonce and smart cards and claimed that the adversary was not able to attack and access the system even if he could extract the data stored in the smart card. Unfortunately, in this paper, we will demonstrate that Huang et al.'s scheme is vulnerable to the offline password guessing attack and the privileged insider attack. We also propose an improved scheme to overcome the weaknesses.

• 出版日期2014-12
• 单位武汉大学; 东北大学