Abstract
Password-based remote user authentication technique is the most commonly used for secure communication over insecure network environments. Due to its simplicity and efficiency, it is widely used in many fields such as e-commerce, distributed system, remote host login system, etc. In recent years, several dynamic ID-based user authentication schemes using password and smart card have been proposed to provide mutual authentication between the user and server. Recently, Lee proposed an efficient dynamic ID-based user authentication scheme without verifier tables. Lee claimed that his scheme can resist off-line password guessing attack, user impersonation attack and provide user anonymity. In this paper, we demonstrate that Lee’s enhanced scheme is not secure against off-line password guessing attack and user impersonation attack in violation of its security claim as well as it fails to preserve user anonymity.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Lamport, L.: Password authentication with insecure communication. Communications of ACM 24, 770–772 (1981)
Das, M.L., Saxena, A., Gulati, V.P.: A Dynamic ID-based Remote User Authentication Scheme. IEEE Transactions on Consumer Electronics 50, 629–631 (2004)
Liao, I.E., Lee, C.C., Hwang, M.S.: Security enhancement for a dynamic id-based remote user authentication scheme. In: Proceedings of the International Conference on the Next Generation Web Services Practices, pp. 22–26 (2005)
Misbahuddin, M., Bindu, C.S.: Cryptanalysis of Liao- Lee-Hwang’s Dynamic ID Scheme. International Journal of Network Security 6, 211–213 (2008)
Wang, Y.Y., Liu, J.Y., **a, F.X., Dan, J.: A More Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme. Computer Communications 32, 583–585 (2009)
Ahmed, M.A., Lakshmi, D.R., Sattar, S.A.: Cryptanalysis of A More Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme. International Journal of Network Security & Its Applications 1, 32–37 (2009)
Lee, H., Choi, D., Lee, Y., Won, D., Kim, S.: Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol. Proceedings of the World Academy of Science Engineering and Technology 59, 190–193 (2009)
Lee, Y.C.: A New Dynamic ID-based User Authentication Scheme to Resist Smart-Card-Theft Attack. Applied Mathematics and Information Sciences 6, 355–361 (2012)
Lee, T.F.: An Efficient Dynamic ID-based User Authentication Scheme using Smartcard without Verifier Tables. Applied Mathematics and Information Sciences 9, 485–490 (2014)
Kocher, P., Jaffe, J., Jun, B.: Proceedings of Advances in Cryptology (CRYPTO 1999), vol. 1666, pp. 388–397 (1999)
Nam, J., Choo, K.K.R., Kim, J., Kang, H.K., Kim, J., Paik, J., Won, D.: Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model. Sensors 2014 14(4), 6443–6462 (2014)
Jung, J., Jeon, W., Won, D.: An enhanced remote user authentication scheme using smart card. In: ICUIMC 2014 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer Science+Business Media Singapore
About this paper
Cite this paper
Jung, J., Choi, Y., Lee, D., Kim, J., Mun, J., Won, D. (2015). Cryptanalysis of Dynamic ID-Based User Authentication Scheme Using Smartcards Without Verifier Tables. In: Park, DS., Chao, HC., Jeong, YS., Park, J. (eds) Advances in Computer Science and Ubiquitous Computing. Lecture Notes in Electrical Engineering, vol 373. Springer, Singapore. https://doi.org/10.1007/978-981-10-0281-6_7
Download citation
DOI: https://doi.org/10.1007/978-981-10-0281-6_7
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0280-9
Online ISBN: 978-981-10-0281-6
eBook Packages: Computer ScienceComputer Science (R0)