Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update
作者: Xiong Li , Jianwei Niu , Junguo Liao , Wei Liang
DOI: 10.1002/DAC.2676
关键词: Computer security 、 Password 、 Challenge–response authentication 、 Password policy 、 Password strength 、 Zero-knowledge password proof 、 S/KEY 、 Computer science 、 Cognitive password 、 One-time password
摘要: In the authentication scheme, it is important to ensure that user's identity changed dynamically with different sessions, which can protect privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity-based remote user scheme verifiable password update. However, our analysis show property of untraceability easily be broken by legal system. Besides, we find vulnerable offline guessing attack, impersonation stolen smart card and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.
acm.org
sci-hub.se 参考文章(29)
Cheng-Chi Lee, Min-Shiang Hwang, Chwei-Shyong Tsai, Password Authentication Schemes: Current Status and Key Issues International Journal of Network Security. ,vol. 3, pp. 101- 115 ,(2006) , 10.6633/IJNS.200609.3(2).01
Ya-Fen Chang, Wei-Liang Tai, Hung-Chin Chang, Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update International Journal of Communication Systems. ,vol. 27, pp. 3430- 3440 ,(2014) , 10.1002/DAC.2552
Bae-Ling Chen, Wen-Chung Kuo, Lih-Chyau Wuu, Robust smart-card-based remote user password authentication scheme International Journal of Communication Systems. ,vol. 27, pp. 377- 389 ,(2014) , 10.1002/DAC.2368
Amit K. Awasthi, Comment on 'A Dynamic ID-based Remote User Authentication Scheme arXiv: Cryptography and Security. ,(2004)
Debiao He, Jianhua Chen, Yitao Chen, A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography Security and Communication Networks. ,vol. 5, pp. 1423- 1429 ,(2012) , 10.1002/SEC.506
Shangguang Wang, Qibo Sun, Hua Zou, Fangchun Yang, Detecting SYN flooding attacks based on traffic prediction Security and Communication Networks. ,vol. 5, pp. 1131- 1140 ,(2012) , 10.1002/SEC.428
Xiong Li, Jianwei Niu, Zhibo Wang, Caisen Chen, Applying biometrics to design three-factor remote user authentication scheme with key agreement Security and Communication Networks. ,vol. 7, pp. 1488- 1497 ,(2014) , 10.1002/SEC.767
Xiong Li, Jianwei Niu, Muhammad Khurram Khan, Zhibo Wang, Applying LU Decomposition of Matrices to Design Anonymity Bilateral Remote User Authentication Scheme Mathematical Problems in Engineering. ,vol. 2013, pp. 1- 10 ,(2013) , 10.1155/2013/910409
He Debiao, Chen Jianhua, Hu Jin, An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security Information Fusion. ,vol. 13, pp. 223- 230 ,(2012) , 10.1016/J.INFFUS.2011.01.001
Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan, A more efficient and secure dynamic ID-based remote user authentication scheme Computer Communications. ,vol. 32, pp. 583- 585 ,(2009) , 10.1016/J.COMCOM.2008.11.008