An improved dynamic ID-based remote user authentication with key agreement scheme

Authors:
Fengtong Wen;Xuelei Li
Affiliations:
School of Mathematical Sciences, University of Jinan, Jinan, Shandong, China;School of Mathematical Sciences, University of Jinan, Jinan, Shandong, China
Venue:
Computers and Electrical Engineering
Year:
2012

Citing 10
Cited 3

Password authentication with insecure communication

Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Security Enhancement for a Dynamic ID-Based Remote User Authentication Scheme

NWESP '05 Proceedings of the International Conference on Next Generation Web Services Practices
Two efficient two-factor authenticated key exchange protocols in public wireless LANs

Computers and Electrical Engineering
A more efficient and secure dynamic ID-based remote user authentication scheme

Computer Communications
An efficient anonymous authentication mechanism for delay tolerant networks

Computers and Electrical Engineering
Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'

Computer Communications
A user friendly authentication scheme with anonymity for wireless communications

Computers and Electrical Engineering
A dynamic ID-based remote user authentication scheme

IEEE Transactions on Consumer Electronics

Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme

International Journal of Communication Systems
Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems

Journal of Medical Systems
An improved dynamic ID-based remote user authentication with key agreement scheme

Journal of Electrical and Computer Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 2009, Wang et al. presented a dynamic ID-based remote user authentication scheme and claimed that their scheme was more efficient and secure. In this paper, we point out that their scheme is not secure against impersonation attacks launched by any adversary at anytime and could leak some key information to legal users, who can launch an off-line guessing attack. If the adversary could get the secret information stored in the smart cards someway, their scheme will be completely broken down. In addition, their scheme does not provide anonymity for the users, and lacks the functionalities of revocation, key exchange and secret renew for users and servers. Furthermore, we propose a more secure and robust scheme, which does not only cover all the above security flaws and weaknesses, but also provides more functionalities.