Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Hsiang, Han-Cheng; Shih, Wei-Kuan

doi:10.1016/j.csi.2008.11.002

Cited by 266 publications

(303 citation statements)

References 16 publications

Supporting

Mentioning

303

Contrasting

Order By: Relevance

“…In recent years, many dynamic identity-based remote login schemes [6,[16][17][18][19][20][21] have been proposed to provide mutual authentication between the user and the remote server. In any dynamic identity-based remote login scheme, users' anonymity [6,7,22] is an important security requirement.…”

Section: Users' Anonymity Problemmentioning

confidence: 99%

“…Before introducing the proposed attacks, we describe the following widely used assumptions about the power of an adversary A [10,11,15,18,22,28,29]. (A1) A can sniff the communication media through which U i and S communicate with each other i.e., A can intercept, block, inject, remove, or modify, any messages transmitted in the media.…”

Section: Cryptanalysis Of Chao's Smartcard-based User Authentication mentioning

confidence: 99%

“…In addition, Wang et al's scheme is not easily repairable and is unable to provide perfect forward secrecy of the generated session key. Other instances of vulnerabilities in published smartcard-based password authentication schemes include off-line password guessing attack [6][7][8]22], impersonation attack [9][10][11], forgery attack [4,[12][13][14], DoS attack [4,7,18,23], parallel session attack [4,9,10,18], replay attack [23], stolen/lost smartcard attack [9,22,24], observing power consumption [25] and reverse engineering techniques [26,27].…”

Section: Introductionmentioning

confidence: 99%

“…The ability to provide security guarantees is of paramount importance and several initiatives have been proposed to address this concern. Due to the low computation cost and portability of smartcard and easy memorization of user chosen password, two-factor smartcard authentication [2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21] using password is commonly used in Internet-based applications such as remote user/server login, online banking, Pay-TV, electronic voting, secret online order placement.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

Islam¹,

Biswas²,

Choo³

2014

Inf. Sci. Lett.

View full text Add to dashboard Cite

Abstract:In recent years, several dynamic identity-based two-factor user authentication using password and smartcard have been proposed to provide mutual authentication between the user and server over unreliable networks. However, the design of secure cryptographic schemes is still notoriously hard, and there have been several instances of detected flaws in published schemes. For example in 2010, Hao and Yu demonstrated that Wang et al.'s user authentication scheme is insecure against off-line password guessing and server masquerade attacks, and proposed an improved scheme. Subsequently in 2012, Chao pointed out that the improved scheme of Hao and Yu is, unfortunately, susceptible to off-line password guessing and server masquerade attacks, and prone to password backward security problem; and proposed an enhanced scheme. In this paper, we demonstrated that Chao's enhanced scheme is not secure against user masquerade attack, server masquerade attack, insider attack and off-line password guessing attack in violation of its security claim as well as it fails to achieve users' anonymity.

show abstract

Section: Users' Anonymity Problemmentioning

confidence: 99%

Section: Cryptanalysis Of Chao's Smartcard-based User Authentication mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

Islam¹,

Biswas²,

Choo³

2014

Inf. Sci. Lett.

View full text Add to dashboard Cite

show abstract

“…Since then a considerable amount of research [1][2][3][4][5][6][7][8][9][10] has been carried out in this field. In 2009, Hsiang and Shih [1] showed that Liao-Wang [2] scheme cannot resist insider attack, masquerade attack, and server spoofing attack, meanwhile, the scheme cannot achieve mutual authentication. And they proposed an enhanced scheme on Liao-Wang scheme, However, Sood et al [3] pointed out that Hsiang et al's scheme is still insecure; it fails to resist replay attack, impersonation attack and stolen smart attack.…”

Section: Introductionmentioning

confidence: 99%

Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card

Ling¹,

Zhao²,

Liu³

2015

Proceedings of the 2015 International Conference on Materials Engineering and Information Technology Applications

View full text Add to dashboard Cite

Abstract. User authentication is an important technology to guarantee that only the legal users can access resources from the remote server. The advantages of smart cards are storage and computation abilities. Recently, Li et al. pointed out the security problems of Chen et al's password authentication scheme and they proposed an enhanced smart card based remote user password authentication scheme and claimed it is secure, However, We find that Li scheme is still vulnerable. It cannot resist user impersonation attack and insider attack. Besides, it also suffers from user anonymity violation and clock synchronization problem.

show abstract

Lightweight and provably secure user authentication with anonymity for the global mobility network

Chen

Chan

et al. 2011

Int J Communication

109

View full text Add to dashboard Cite

SUMMARYSeamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one-time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches.

show abstract

Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Cited by 266 publications

References 16 publications

Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card

Lightweight and provably secure user authentication with anonymity for the global mobility network

Contact Info

Product

Resources

About