Comments on an advanced dynamic ID-Based authentication scheme for cloud computing

Authors:
Ding Wang;Ying Mei;Chun-guang Ma;Zhen-shan Cui
Affiliations:
Department of Training, Automobile Sergeant Institute of PLA, Bengbu, China,Harbin Engineering University, Harbin City, China;Department of Training, Automobile Sergeant Institute of PLA, Bengbu, China;Harbin Engineering University, Harbin City, China;Harbin Engineering University, Harbin City, China
Venue:
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Year:
2012

Citing 11
Cited 0

A security risk of depending on synchronized clocks

ACM SIGOPS Operating Systems Review
Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
An improved smart card based password authentication scheme with provable security

Computer Standards & Interfaces
Coupling-Based Internal Clock Synchronization for Large-Scale Dynamic Distributed Systems

IEEE Transactions on Parallel and Distributed Systems
A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Journal of Systems and Software
An Advanced ECC Dynamic ID-Based Remote Mutual Authentication Scheme for Cloud Computing

MUE '11 Proceedings of the 2011 Fifth FTRA International Conference on Multimedia and Ubiquitous Engineering
Formal analysis and systematic construction of two-factor authentication scheme (short paper)

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Cloud computing and security challenges

Proceedings of the 50th Annual Southeast Regional Conference
Cryptanalysis and improvement of sood et al.'s dynamic ID-Based authentication scheme

ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Side-channel analysis of cryptographic RFIDs with analog demodulation

RFIDSec'11 Proceedings of the 7th international conference on RFID Security and Privacy
Secure password-based remote user authentication scheme with non-tamper resistant smart cards

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

The design of secure remote user authentication schemes for mobile devices in Cloud Computing is still an open and quite challenging problem, though many such schemes have been published lately. Recently, Chen et al. pointed out that Yang and Chang's ID-based authentication scheme based on elliptic curve cryptography (ECC) is vulnerable to various attacks, and then presented an improved password based authentication scheme using ECC to overcome the drawbacks. Based on heuristic security analysis, Chen et al. claimed that their scheme is more secure and can withstand all related attacks. In this paper, however, we show that Chen et al.'s scheme cannot achieve the claimed security goals and report its flaws: (1) It is vulnerable to offline password guessing attack; (2) It fails to preserve user anonymity; (3) It is prone to key compromise impersonation attack; (4) It suffers from the clock synchronization problem. The cryptanalysis demonstrates that the scheme under study is unfit for practical use in Cloud Computing environment.