Cryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme
نویسندگان
چکیده
Recently, Das, Saxena and Gulati proposed a dynamic Id based remote user authentication scheme that allows the users to choose and change their passwords freely and does not maintain verifier table. But their scheme has few weaknesses and cannot achieve mutual authentication. In 2005, Liao, Lee and Hwang showed that Das et al. scheme is vulnerable to guessing attack and proposed an enhanced scheme which also achieves mutual authentication. In this paper we show that Liao et. al’s. scheme cannot withstand impersonation attack, reflection attack and it is completely insecure as a user can successfully log on to a remote system with a random password.
منابع مشابه
Cryptanalysis of a New Dynamic ID-based User Authentication Scheme to Resist Smart-Card-Theft Attack
In a recent paper (AMIS, 6(2S), 2012), Lee proposed a dynamic ID-based user authentication scheme based on smart card which is believed to have many abilities to resist a range of network attacks. In this paper, we analyze the security of Lee’s scheme and show that the scheme is in fact insecure against insider-assisted attack, even if the adversary doesn’t know the secret information stored in...
متن کاملAn efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment
Recently, Li et al. analyzed Lee et al.’s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart card and offline dictionary attack, r...
متن کاملWeaknesses of a Secure Dynamic ID Based Remote User Authentication Scheme
In 2009, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environments. They achieved user anonymity by using secure dynamic IDs instead of static IDs. Recently, Hsiang and Shih proposed an improved scheme to fix the security flaws found in Liao-Wang’s scheme. Hsiang and Shih claimed that their scheme maintains the benefits and increases the se...
متن کاملOn the Security of ID Based Signcryption Schemes
A signcryption scheme is secure only if it satisfies both the confidentiality and the unforgeability properties. All the ID based signcryption schemes presented in the standard model till now do not have either the confidentiality or the unforgeability or both of these properties. Cryptanalysis of some of the schemes have been proposed already. In this work, we present the security attack on ‘S...
متن کاملSecurity Analysis of A Dynamic ID-based Remote User Authentication Scheme
Since 1981, when Lamport introduced the remote user authentication scheme using table, a plenty of schemes had been proposed with table and without table using. Recently Das, Saxena and Gulati have proposed A dynamic ID-based remote user authentication scheme. They claimed that their scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, and insider attacks and so...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- I. J. Network Security
دوره 6 شماره
صفحات -
تاریخ انتشار 2008