Abstract
In 2005, Lee et al. proposed a secure smart card based remote user authentication scheme to improve the security of Chien et al.’s scheme. More recently, Sood et al. pointed out that Lee et al.’s scheme is still vulnerable to the reflection attack, the off-line password guessing attack and the user impersonation attack, and that it fails to preserve user anonymity. Consequently, Sood et al. proposed a more secure remote user authentication scheme, an improvement over Lee et al.’s scheme intended to overcome these security drawbacks. In this study, however, we find that Sood et al.’s scheme still cannot achieve the claimed security, and we report the following flaws: (1) it fails to preserve user anonymity under their non-tamper resistance assumption of the smart card; (2) it cannot withstand the stolen-verifier attack. The proposed cryptanalysis discourages any use of the scheme for practical applications.
References
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication: smart card. Computers & Security 21(4), 372–375 (2002)
Sun, H.M.: An Efficient Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)
Hsu, C.L.: Security of two remote user authentication schemes using smart cards. IEEE Transactions on Consumer Electronics 49(4), 1196–1198 (2003)
Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)
Lee, S.W., Kim, H.S., Yoo, K.Y.: Improvement of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards & Interfaces 27(2), 181–183 (2005)
Xu, J., Zhu, W., Feng, D.: An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 31(4), 723–728 (2009)
Sood, S.K., Sarje, A.K., Singh, K.: Secure Dynamic Identity-Based Remote User Authentication Scheme. In: Janowski, T., Mohanty, H. (eds.) ICDCIT 2010. LNCS, vol. 5966, pp. 224–235. Springer, Heidelberg (2010)
Khan, M., Kim, S., Alghathbar, K.: Cryptanalysis and security enhancement of ‘a more efficient and secure dynamic id-based remote user authentication scheme’. Computer Communications 34(3), 305–309 (2011)
Wang, D., Ma, C.-G., Wu, P.: Secure Password-Based Remote User Authentication Scheme with Non-tamper Resistant Smart Cards. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 114–121. Springer, Heidelberg (2012)
Wang, D., Ma, C.G.: On the security of an improved password authentication scheme based on ECC. Cryptology ePrint Archive, Report 2012/190 (2012), http://eprint.iacr.org/2012/190.pdf
Ma, C.G., Wang, D., Zhang, Q.M.: Cryptanalysis and Improvement of Sood et al.’s Dynamic ID-Based Authentication Scheme. In: Ramanujam, R., Ramaswamy, S. (eds.) ICDCIT 2012. LNCS, vol. 7154, pp. 141–152. Springer, Heidelberg (2012)
Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Mangard, S., Oswald, E., Standaert, F.X.: One for all-all for one: unifying standard differential power analysis attacks. IET Information Security 5(2), 100–110 (2011)
Gu, K., Wu, L.J., Li, X.Y., Zhang, X.M.: Design and implementation of an electromagnetic analysis system for smart cards. In: 2011 Seventh International Conference on Computational Intelligence and Security, pp. 653–656. IEEE Press, New York (2011)
Spafford, E.H.: Opus: Preventing weak password choices. Computers & Security 11(3), 273–278 (1992)
Campbell, J., Ma, W., Kleeman, D.: Impact of restrictive composition policy on user password choices. Behaviour & Information Technology 30(3), 379–388 (2011)
Bao, F., Deng, R.: Privacy Protection for Transactions of Digital Goods. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 202–213. Springer, Heidelberg (2001)
Tang, C., Wu, D.: Mobile privacy in wireless networks-revisited. IEEE Transactions on Wireless Communications 7(3), 1035–1042 (2008)
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, Mh., Yang, Cg., Wang, D. (2012). Security Analysis of a Secure and Practical Dynamic Identity-Based Remote User Authentication Scheme. In: Wang, F.L., Lei, J., Gong, Z., Luo, X. (eds) Web Information Systems and Mining. WISM 2012. Lecture Notes in Computer Science, vol 7529. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33469-6_38
DOI: https://doi.org/10.1007/978-3-642-33469-6_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33468-9
Online ISBN: 978-3-642-33469-6
eBook Packages: Computer Science (R0)