Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'
作者: Muhammad Khurram Khan , Soo-Kyun Kim , Khaled Alghathbar
DOI: 10.1016/J.COMCOM.2010.02.011
关键词:
摘要: Remote user authentication is a method, in which remote server verifies the legitimacy of over an insecure communication channel. Currently, smart card-based schemes have been widely adopted due to their low computational cost and convenient portability for purpose. Recently, Wang et al. proposed dynamic ID-based scheme using cards. They claimed that preserves anonymity user, has features strong password chosen by server, protected from several attacks. However, this paper, we point out al.'s practical pitfalls not feasible real-life implementation. We identify scheme: does provide during authentication, no choice choosing his password, vulnerable insider attack, provision revocation lost or stolen card, session key agreement. To remedy these security flaws, propose enhanced scheme, covers all identified weaknesses more secure efficient application environment.
acm.org
elsevier.com
sci-hub.se 参考文章(29)
Mohammed Misbahuddin, C. Shoba Bindu, Cryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme International Journal of Network Security. ,vol. 6, pp. 211- 213 ,(2008)
W.-C. KU, Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards IEICE Transactions on Communications. ,vol. E88-B, pp. 2165- 2167 ,(2005) , 10.1093/IETCOM/E88-B.5.2165
Amit K. Awasthi, Comment on 'A Dynamic ID-based Remote User Authentication Scheme arXiv: Cryptography and Security. ,(2004)
Jen-Ho Yang, Chin-Chen Chang, An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem Computers & Security. ,vol. 28, pp. 138- 143 ,(2009) , 10.1016/J.COSE.2008.11.008
Wen-Her Yang, Shiuh-Pyng Shieh, Refereed paper: Password authentication schemes with smart cards Computers & Security. ,vol. 18, pp. 727- 733 ,(1999) , 10.1016/S0167-4048(99)80136-9
Chun-I Fan, Yung-Cheng Chan, Zhi-Kai Zhang, Robust remote authentication scheme with smart cards Computers & Security. ,vol. 24, pp. 619- 628 ,(2005) , 10.1016/J.COSE.2005.03.006
Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan, A more efficient and secure dynamic ID-based remote user authentication scheme Computer Communications. ,vol. 32, pp. 583- 585 ,(2009) , 10.1016/J.COMCOM.2008.11.008
MuhammadKhurram Khan, Fingerprint Biometric-based Self-Authentication and Deniable Authentication Schemes for the Electronic World Iete Technical Review. ,vol. 26, pp. 191- 195 ,(2009) , 10.4103/0256-4602.50703
Muhammad Khurram Khan, Jiashu Zhang, Improving the security of 'a flexible biometrics remote user authentication scheme' Computer Standards & Interfaces. ,vol. 29, pp. 82- 85 ,(2007) , 10.1016/J.CSI.2006.01.002
Cheng-Chi Lee, Min-Shiang Hwang, Wei-Peng Yang, A flexible remote user authentication scheme using smart cards Operating Systems Review. ,vol. 36, pp. 46- 52 ,(2002) , 10.1145/567331.567335