On the security of an authentication scheme for multi-server architecture

Authors:
Debiao He;Jianhua Chen;Wenbo Shi;Muhammad Khurram Khan
Affiliations:
School of Mathematics and Statistics, Wuhan University, Wuhan, 430072, China/ State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beiji ...;School of Mathematics and Statistics, Wuhan University, Wuhan, 430072, China;Department of Electronic Engineering, Northeastern University at Qinhuangdao, Qinhuangdao, 066004, China;Center of Excellence in Information Assurance, King Saud University, Riyadh, 11653, Kingdom of Saudi Arabia
Venue:
International Journal of Electronic Security and Digital Forensics
Year:
2013

Citing 6
Cited 0

Password authentication with insecure communication

Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security

Information Fusion
A More Secure Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems
A remote password authentication scheme for multiserver architecture using neural networks

IEEE Transactions on Neural Networks
A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, Pippal et al. proposed an authentication scheme for multi-server architecture and claimed that their scheme could withstand various attacks. In this paper, we will analyse the security of Pippal et al.'s scheme. After reviewing their scheme, we find that their scheme cannot withstand the server spoofing attack, the user impersonation attack, the offline password guessing attack and the privileged insider attack. The analysis shows their scheme is not secure for practical applications.