Security analysis of a secure and practical dynamic identity-based remote user authentication scheme

Authors:
Mo-han Zhang;Chen-guang Yang;Ding Wang
Affiliations:
College of Software Engineering, Sichuan University, Chengdu City, China;College of Software Engineering, Sichuan University, Chengdu City, China;Automobile Sergeant Institute of PLA, Bengbu City, China
Venue:
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Year:
2012

Citing 16
Cited 0

OPUS: preventing weak password choices

Computers and Security
Password authentication with insecure communication

Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
Privacy Protection for Transactions of Digital Goods

ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
An improved smart card based password authentication scheme with provable security

Computer Standards & Interfaces
Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'

Computer Communications
Impact of restrictive composition policy on user password choices

Behaviour & Information Technology
Design and Implementation of an Electromagnetic Analysis System for Smart Cards

CIS '11 Proceedings of the 2011 Seventh International Conference on Computational Intelligence and Security
Secure dynamic identity-based remote user authentication scheme

ICDCIT'10 Proceedings of the 6th international conference on Distributed Computing and Internet Technology
Cryptanalysis and improvement of sood et al.'s dynamic ID-Based authentication scheme

ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Mobile Privacy in Wireless Networks-Revisited

IEEE Transactions on Wireless Communications
On the security of public key protocols

IEEE Transactions on Information Theory
An efficient remote use authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Security of two remote user authentication schemes using smart cards

IEEE Transactions on Consumer Electronics
Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Secure password-based remote user authentication scheme with non-tamper resistant smart cards

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 2005, Lee et al. proposed a secure smart card based remote user authentication scheme to improve the security of Chien et al.'s scheme. More recently, Sood et al. pointed out that Lee et al.'s scheme is still vulnerable to the reflection attack, off-line password guessing attack, user impersonation attack and fails to preserve user anonymity. Consequently, Sood et al. proposed a more secure remote user authentication scheme, which is an improvement over Lee et al.'s scheme to overcome their security drawbacks. In this study, however, we find that Sood et al.'s scheme still cannot achieve the claimed security and report its following flaws: (1) It fails to preserve user anonymity under their non-tamper resistance assumption of the smart card; (2) It cannot withstand stolen-verifier attack. The proposed cryptanalysis discourages any use of the scheme for practical applications.