Security Analysis of a Secure and Practical Dynamic Identity-Based Remote User Authentication Scheme

  • Conference paper
Web Information Systems and Mining (WISM 2012)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7529)

Abstract

In 2005, Lee et al. proposed a secure smart card based remote user authentication scheme to improve the security of Chien et al.’s scheme. More recently, Sood et al. pointed out that Lee et al.’s scheme is still vulnerable to the reflection attack, the off-line password guessing attack and the user impersonation attack, and fails to preserve user anonymity. Consequently, Sood et al. proposed a more secure remote user authentication scheme, an improvement over Lee et al.’s scheme intended to overcome these security drawbacks. In this study, however, we find that Sood et al.’s scheme still cannot achieve the claimed security and report the following flaws: (1) it fails to preserve user anonymity under their non-tamper resistance assumption of the smart card; (2) it cannot withstand the stolen-verifier attack. The proposed cryptanalysis discourages any use of the scheme for practical applications.

References

  1. Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)

  2. Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication: smart card. Computers & Security 21(4), 372–375 (2002)

  3. Sun, H.M.: An Efficient Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)

  4. Hsu, C.L.: Security of two remote user authentication schemes using smart cards. IEEE Transactions on Consumer Electronics 49(4), 1196–1198 (2003)

  5. Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)

  6. Lee, S.W., Kim, H.S., Yoo, K.Y.: Improvement of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards & Interfaces 27(2), 181–183 (2005)

  7. Xu, J., Zhu, W., Feng, D.: An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 31(4), 723–728 (2009)

  8. Sood, S.K., Sarje, A.K., Singh, K.: Secure Dynamic Identity-Based Remote User Authentication Scheme. In: Janowski, T., Mohanty, H. (eds.) ICDCIT 2010. LNCS, vol. 5966, pp. 224–235. Springer, Heidelberg (2010)

  9. Khan, M., Kim, S., Alghathbar, K.: Cryptanalysis and security enhancement of ‘a more efficient and secure dynamic id-based remote user authentication scheme’. Computer Communications 34(3), 305–309 (2011)

  10. Wang, D., Ma, C.-G., Wu, P.: Secure Password-Based Remote User Authentication Scheme with Non-tamper Resistant Smart Cards. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 114–121. Springer, Heidelberg (2012)

  11. Wang, D., Ma, C.G.: On the security of an improved password authentication scheme based on ecc. Cryptology ePrint Archive, Report 2012/190 (2012), http://eprint.iacr.org/2012/190.pdf

  12. Ma, C.G., Wang, D., Zhang, Q.M.: Cryptanalysis and Improvement of Sood et al.’s Dynamic ID-Based Authentication Scheme. In: Ramanujam, R., Ramaswamy, S. (eds.) ICDCIT 2012. LNCS, vol. 7154, pp. 141–152. Springer, Heidelberg (2012)

  13. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

  14. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)

  15. Mangard, S., Oswald, E., Standaert, F.X.: One for all-all for one: unifying standard differential power analysis attacks. IET Information Security 5(2), 100–110 (2011)

  16. Gu, K., Wu, L.J., Li, X.Y., Zhang, X.M.: Design and implementation of an electromagnetic analysis system for smart cards. In: 2011 Seventh International Conference on Computational Intelligence and Security, pp. 653–656. IEEE Press, New York (2011)

  17. Spafford, E.H.: Opus: Preventing weak password choices. Computers & Security 11(3), 273–278 (1992)

  18. Campbell, J., Ma, W., Kleeman, D.: Impact of restrictive composition policy on user password choices. Behaviour & Information Technology 30(3), 379–388 (2011)

  19. Bao, F., Deng, R.: Privacy Protection for Transactions of Digital Goods. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 202–213. Springer, Heidelberg (2001)

  20. Tang, C., Wu, D.: Mobile privacy in wireless networks-revisited. IEEE Transactions on Wireless Communications 7(3), 1035–1042 (2008)

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, Mh., Yang, Cg., Wang, D. (2012). Security Analysis of a Secure and Practical Dynamic Identity-Based Remote User Authentication Scheme. In: Wang, F.L., Lei, J., Gong, Z., Luo, X. (eds) Web Information Systems and Mining. WISM 2012. Lecture Notes in Computer Science, vol 7529. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33469-6_38

  • DOI: https://doi.org/10.1007/978-3-642-33469-6_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33468-9

  • Online ISBN: 978-3-642-33469-6

  • eBook Packages: Computer Science (R0)