Abstract
Anonymity is one of the important properties of remote authentication schemes for preserving user privacy. Recently, Sood et al. showed that Wang et al.’s dynamic ID-based remote user authentication scheme fails to preserve user anonymity and is vulnerable to various attacks if the smart card is non-tamper resistant. Consequently, an improved dynamic ID-based authentication scheme was proposed and claimed to be efficient and secure. In this paper, however, we show that Sood et al.’s scheme still cannot preserve user anonymity under their assumption. In addition, their scheme is vulnerable to the offline password guessing attack and the stolen verifier attack. To remedy these security flaws, we propose an enhanced authentication scheme that addresses all the identified weaknesses of Sood et al.’s scheme and is more secure and efficient for practical application environments.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Ma, CG., Wang, D., Zhang, QM. (2012). Cryptanalysis and Improvement of Sood et al.’s Dynamic ID-Based Authentication Scheme. In: Ramanujam, R., Ramaswamy, S. (eds) Distributed Computing and Internet Technology. ICDCIT 2012. Lecture Notes in Computer Science, vol 7154. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28073-3_13
DOI: https://doi.org/10.1007/978-3-642-28073-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28072-6
Online ISBN: 978-3-642-28073-3
eBook Packages: Computer Science, Computer Science (R0)