Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol
نویسنده
چکیده
Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.’s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.’s protocol. Keywords—Message Alteration Attack, Impersonation Attack
منابع مشابه
An improved dynamic ID-based remote user authentication with key agreement scheme
In 2011, Lee et al. improved Hsiang et al.'s scheme and proposed a security dynamic ID-based remote user authentication scheme for multi-server environment using smart cards. They claimed that their protocol is efficient and can resist several kinds of known attacks. However, we observe that Lee et al.'s scheme is still vulnerable to stolen smart card attack, malicious server attack. To remedy ...
متن کاملWeaknesses of a dynamic ID-based remote user authentication scheme
Weaknesses of a dynamic ID-based remote user authentication scheme He Debiao*, Chen Jianhua, Hu Jin School of Mathematics and Statistics, Wuhan University, Wuhan, Hubei 430072, China Abstract: The security of a password authentication scheme using smart cards proposed by Khan et al. is analyzed. Four kinds of attacks are presented in different scenarios. The analyses show that the scheme is ins...
متن کاملA smart card based remote user authentication scheme
Password based authentication schemes are commonly used to authenticate remote users. Many schemes have been proposed both with and without smart cards but each have its own merits and demerits. This paper analyzes the security of an enhanced Dynamic ID based remote user authentication scheme and shows that the enhanced scheme has major security weaknesses. The paper also presents a new scheme ...
متن کاملCryptanalysis of Two Dynamic ID-based Remote User Authentication Schemes for Multi-Server Architecture
Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. In NSS’10, Shao and Chin pointed out that Hsiang and Shih’s dynamic ID-based remote user authentication scheme for multi-server environment is vulnerable to server spoofing attack and fails to preserve user anonymity, and further proposed an improved version wh...
متن کاملWeaknesses of a Secure Dynamic ID Based Remote User Authentication Scheme
In 2009, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environments. They achieved user anonymity by using secure dynamic IDs instead of static IDs. Recently, Hsiang and Shih proposed an improved scheme to fix the security flaws found in Liao-Wang’s scheme. Hsiang and Shih claimed that their scheme maintains the benefits and increases the se...
متن کامل