On the security of two password authenticated key agreement scheme using smart cards

After a password authenticated key agreement scheme using smart cards was proposed by Juang et al in 2008. Sun et al and Li et al respectively demonstrated some weaknesses in Juang's scheme and proposed improved schemes. However, although the later two schemes overcome the weaknesses in earlier scheme, we find several weaknesses in them. In Sun's scheme, there are two defects, insecurity under card-compromise attack and weaknesses of password-changing operation. And in Li's scheme we find following defects: vulnerability to denial of server (DoS) attack, server-compromise forward insecurity, complex key setup and session key problems. This paper discussed these problems in detail and our analysis will be helpful to avoid similar mistakes in future works.