Weaknesses of a Secure Dynamic ID Based Remote User Authentication Scheme
نویسندگان
چکیده
In 2009, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environments. They achieved user anonymity by using secure dynamic IDs instead of static IDs. Recently, Hsiang and Shih proposed an improved scheme to fix the security flaws found in Liao-Wang’s scheme. Hsiang and Shih claimed that their scheme maintains the benefits and increases the security of Liao-Wang’s scheme, while providing mutual authentication that Liao-Wang’s scheme lacks. In this paper, however, it is shown that Hsiang-Shih’s scheme cannot withstand user and server impersonation attacks. Their scheme is thus vulnerable to malicious users and insecure for practical applications.
منابع مشابه
An Improved Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment
Recently, Lee et al. proposed a secure dynamic ID based remote user authentication scheme for multi-server environment. They claimed their scheme can remedy the weaknesses of prior schemes and is thus more effective. However, we find Lee et al.'s scheme still fails to achieve the anonymity and has the security weakness of a smart card clone. In this article, we shall propose a new scheme to imp...
متن کاملCryptanalysis of a more efficient and secure dynamic id-based remote user authentication scheme
In 2004, Das, Saxena and Gulati proposed a dynamic ID-based remote user authentication scheme which has many advantage such as no verifier table, user freedom to choose and change password and so on. However the subsequent papers have shown that this scheme is completely insecure and vulnerable to many attacks. Since then many schemes with improvements to Das et al’s scheme has been proposed bu...
متن کاملWeaknesses of a dynamic ID-based remote user authentication scheme
Weaknesses of a dynamic ID-based remote user authentication scheme He Debiao*, Chen Jianhua, Hu Jin School of Mathematics and Statistics, Wuhan University, Wuhan, Hubei 430072, China Abstract: The security of a password authentication scheme using smart cards proposed by Khan et al. is analyzed. Four kinds of attacks are presented in different scenarios. The analyses show that the scheme is ins...
متن کاملCryptanalysis of Two Dynamic ID-Based Remote User Authentication Schemes for Preserving User Privacy
Remote user authentication is an essential part in electronic commerce to identify legitimate users over the Internet. However, how to protect user privacy in the authentication has become an important issue recently. Therefore, many secure authentication schemes with smart cards have been proposed. In this paper, we will analyze the security weaknesses of two recently proposed authentication s...
متن کاملSecurity Weaknesses of Dynamic ID-based Remote User Authentication Protocol
Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.’s protocol is not secure to randoml...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- JCIT
دوره 5 شماره
صفحات -
تاریخ انتشار 2010