Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol

Hyoungseob Lee; Donghyun Choi; Yunho Lee; Dongho Won; Seungjoo Kim

Commenced in January 2007

Frequency: Monthly

Edition: International

Paper Count: 32797

Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol

Authors: Hyoungseob Lee, Donghyun Choi, Yunho Lee, Dongho Won, Seungjoo Kim

Abstract:

Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.-s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.-s protocol.

Keywords: Message Alteration Attack, Impersonation Attack

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1329787

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1718

References:

[1] L. Lamport, "Password authentication with insecure communication," Communications of the ACM, vol 24, pp 770-772, 1981
[2] M.S. Hwang, L.H. Li, "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics 46 , pp28-.30, 2000
[3] ML Das, A Saxena, VP Gulati, "A dynamic ID-based remote user authentication scheme," IEEE Transactions on Consumer Electronics 2004, volume 50, Issue 2, pp. 629-631, 2004.
[4] Y Wang, J Liu, F Xiao, J Dan, "A more efficient and secure dynamic ID-based remote user authentication scheme," Computer Communications 32, Volume 32, Issue 4, 2009, pp 583-585
[5] H.M. Sun,"An efficient remote user authentication scheme using smartcards," IEEE Transactions on Consumer Electronics 46, pp 958-961. 2000
[6] YP Liao, SS Wang, "A secure dynamic ID based remote user authentication scheme for multi-server environment," Computer Standards & Interfaces, Volume 31, Issue 1, pp 24-29, 2009
[7] HC Hsiang, WK Shih, "improvement of the secure dynamic id based remote user authentication scheme for multi-server environment,"Computer Standards & Interfaces 31, Issue 6, 2008, pp 1118-1123, 2008
[8] T.S. Messergers, E.A. Dabbish, R.H. Sloan, "Examining smart card security under the threat of power analysis attacks," IEEE Trans. Comput. 51, pp 541-.552. 2002