Cryptanalysis on Improved Remote User Authentication Scheme Preserving User Anonymity

نویسندگان

  • Sung-Woon Lee
  • Hyun-Sung Kim
چکیده

* Corresponding author Summary Even though user anonymity is an important issue in many ecommerce applications, most of smartcard-based remote authentication schemes did not considered user identities protection while authenticating the users. In 2004, Das et al. proposed a remote authentication scheme by preserving the users' anonymity. Their scheme adopted dynamic identification to achieve the property. In 2005, Chien and Chen pointed out that Das et al.'s scheme fails to protect the user's anonymity, and enhanced the scheme. However, Hu et al. in 2007 showed that their scheme also has some problems including masquerading attacks, insider attack, and replay attack and presented an improved scheme to conquer these problems. This paper shows that Hu et al.'s scheme still suffers from some attacks. The scheme could not only suffer from strong user/server masquerading attacks and denial of service attack but also not support the user anonymity. Additionally, this paper points out that the method to prevent the insider attack in the scheme is not applicable in reality.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Secure Remote Authentication Scheme Preserving User Anonymity with Non-Tamper Resistant Smart Cards

Anonymity is one of the important properties of remote authentication schemes to preserve user privacy. Besides, it can avoid unauthorized entities from using the user ID and other intercepted information to forge legal login messages. In 2004, Das et al. first proposed a remote user authentication scheme with smart cards using dynamic ID to protect user anonymity. Later, in 2005, Chien and Che...

متن کامل

Cryptanalysis of Two Dynamic ID-Based Remote User Authentication Schemes for Preserving User Privacy

Remote user authentication is an essential part in electronic commerce to identify legitimate users over the Internet. However, how to protect user privacy in the authentication has become an important issue recently. Therefore, many secure authentication schemes with smart cards have been proposed. In this paper, we will analyze the security weaknesses of two recently proposed authentication s...

متن کامل

Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity

Dynamic ID-based remote user authentication schemes ensure efficient and anonymous mutual authentication between entities. In 2013, Khan et al. proposed an improved dynamic ID-based authentication scheme to overcome the security flaws of Wang et al.’s authentication scheme. Recently, Sun and Cao showed that Khan et al. does not satisfies the claim of the user’s privacy. Moreover, They proposed ...

متن کامل

Cryptanalysis of Qu’s Improved Smart Card-based Remote User Authentication Scheme

In 2013, Qu demonstrated that Awasthi et al.’s remote user authentication scheme is vulnerable to smart card loss attack, off-line password guessing attack and does not preserve anonymity of user. However, this paper points out that Qu’s scheme is still vulnerable to off-line password guessing attack and smart card loss attack, and also does not preserve anonymity of a user unlike its claim. Fo...

متن کامل

Security Enhancements of a Remote User Authentication Scheme Preserving User Anonymity

Recently, user authentication scheme in e-commerce and m-commerce has been becoming one of important security issues. In 2008, Bindu et al. proposed an improved remote user authentication scheme preserving user anonymity. In this paper, we analyze the security of Bindu et al.’s authentication scheme, and we demonstrate that their scheme is still insecure against the man-in-themiddle attack, the...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2008