Weaknesses of a Dynamic ID Based Remote User Authentication Protocol for Multi-Server Environment

Abstract

Currently, smart card based remote user authentication schemes have been widely adopted due to their low cost and convenient portability. With the purpose of using various different internet services with single registration and to protect the users from being tracked, various dynamic ID based multi-server authentication protocols have been proposed. Recently, Li et al. proposed an efficient and secure dynamic ID based authentication protocol using smart cards. They claimed that their protocol provides strong security. In this paper, we have demonstrated that Li et al.’s protocol is vulnerable to replay attack, denial of service attack, smart card lost attack, eavesdropping attack and server spoofing attacks.

Share and Cite:

Madhusudhan, R. and Praveen, A. (2014) Weaknesses of a Dynamic ID Based Remote User Authentication Protocol for Multi-Server Environment. Journal of Computer and Communications, 2, 196-200. doi: 10.4236/jcc.2014.24026.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] Hsiang, H. and Shih, W. (2009) Weaknesses and IMPROVEMENTs of the Yoon-Ryu-Yoo Remote User Authentication Scheme Using Smart Cards. Computer Communications, 32, 649-652. http://dx.doi.org/10.1016/j.comcom.2008.11.019
[2] Yoon, E.J., Ryu, E.K. and Yoo, K.Y. (2004) Further Improvement of An Efficient Password Based Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics, 50, 612-614. http://dx.doi.org/10.1109/TCE.2004.1309437
[3] Wang, X., Zhang, W., Zhang, J. and Khan, M.K. (2007) Cryptanalysis and Improvement on Two Efficient Remote User Authentication Scheme Using Smart Cards. Computer Standards and Interfaces, 29, 507-512. http://dx.doi.org/10.1016/j.csi.2006.11.005
[4] Lee, C.C., Lai, Y.M. and Li, C.T. (2012) An Improved Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment. International Journal of Security and Its Applications, 6, 203-209.
[5] Sood, S.K., Sarje, A.K. and Singh, K. (2011) A Secure Dynamic Identity Based Authentication Protocol for Multi-Server Architecture. Journal of Network and Computer Applications, 34, 609-618. http://dx.doi.org/10.1016/j.jnca.2010.11.011
[6] Guo, D.L. and Wen, F.T. (2013) A More Secure Dynamic ID Based Remote User Authentication Scheme for Multi- Server Environment. Journal of Computational Information Systems, 9, 407-414.
[7] Madhusudhan, R. and Mittal, R.C. (2012) Dynamic ID-Based Remote User Password Authentication Schemes Using Smart Cards: A Review. Journal of Network and Computer Applications, 35, 1235-1248. http://dx.doi.org/10.1016/j.jnca.2012.01.007
[8] Chena, T.-H., Hsiang, H.-C. and Shih, W.-K. (2011) Security Enhancement on an Improvement on Two Remote User Authentication Schemes Using Smart Cards. Future Generation Computer Systems, 27, 377-380. http://dx.doi.org/10.1016/j.future.2010.08.007
[9] Fan, C.I., Chan, Y.C. and Zhang, Z.K. (2005) Robust Remote Authentication Scheme with Smart Cards. Computers & Security, 24, 619-628. http://dx.doi.org/10.1016/j.cose.2005.03.006
[10] Lin, I.C., Hwang, M.S. and Li, L.H. (2003) A New Remote User Authentication Scheme for Multi-Server Architecture. Future Generation Computer Systems, 19, 13-22. http://dx.doi.org/10.1016/S0167-739X(02)00093-6
[11] Liao, I.E., Lee, C.C. and Hwang, M.S. (2006) A Password Authentication Scheme over Insecure Networks. Journal of Computer and System Sciences, 72, 727-740. http://dx.doi.org/10.1016/j.jcss.2005.10.001
[12] Li, X., Xiong, Y.P., Ma, J. and Wang, W.D. (2012) An Efficient and Security Dynamic Identity Based Authentication Protocol for Multi-Server Architecture Using Smart Cards. Journal of Network and Computer Applications, 35, 763- 769. http://dx.doi.org/10.1016/j.jnca.2011.11.009
[13] Chang, C.C. and Lee, J.S. (2004) An Efficient and Secure Multi-Server Password Authentication Protocol Using Smart Cards. Proceedings of the Third International Conference on Cyberworlds, November, 417-422.
[14] Tsaur, W.J., Wu, C.C. and Lee, W.B. (2004) A Smart Card-Based Remote Scheme for Password Authentication in Multi-Server Internet Services. Computer Standards & Interfaces, 27, 39-51. http://dx.doi.org/10.1016/j.csi.2004.03.004
[15] Tsai, J.L. (2008) Efficient Multi-Server Authentication Scheme Based on One-Way Hash Function Without Verification Table. Computers & Security, 27, 115-121. http://dx.doi.org/10.1016/j.cose.2008.04.001
[16] Liao, Y.P. and Wang, S.S. (2009) A Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment. Computer Standards & Interfaces, 31, 24-29. http://dx.doi.org/10.1016/j.csi.2007.10.007
[17] Hsiang, H.C. and Shih, W.K. (2009) Improvement of the Secure Dy-namic ID Based Remote User Authentication Scheme for Multi-Server Environment. Computer Standards & Interfaces, 31, 1118-1123. http://dx.doi.org/10.1016/j.csi.2008.11.002
[18] Lee, C.C., Lin, T.H. and Chang, R.X. (2011) A Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment Using Smart Cards. Expert Systems with Applications, 38, 13863-13870.
[19] Li, X., Ma, J., Wang, W.D., Xiong, Y.P. and Zhang, J.S. (2013) A Novel Smart Card and Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environments. Mathematical and Computer Modelling, 58, 85-95. http://dx.doi.org/10.1016/j.mcm.2012.06.033
[20] Kocher, P., Jaffe, J. and Jun, B. (1666) Differential Power Analysis, Advances in Cryptology. Proceedings of CRYPTO’99, LNCS, 1999, 388-397
[21] Messaerges, T.S., Dabbish, E.A. and Sloan, R.H. (2002) Examining Smart Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers, 51, 541-552. http://dx.doi.org/10.1109/TC.2002.1004593

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.