Online citations, reference lists, and bibliographies.
← Back to Search

Cryptanalysis And Security Enhancement Of A 'more Efficient & Secure Dynamic ID-based Remote User Authentication Scheme'

M. Khan, Soo-Kyun Kim, Khaled Alghathbar
Published 2011 · Computer Science

Cite This
Download PDF
Analyze on Scholarcy
Share
Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the authentication purpose. Recently, Wang et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. They claimed that their scheme preserves anonymity of user, has the features of strong password chosen by the server, and protected from several attacks. However, in this paper, we point out that Wang et al.'s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme: does not provide anonymity of a user during authentication, user has no choice in choosing his password, vulnerable to insider attack, no provision for revocation of lost or stolen smart card, and does provide session key agreement. To remedy these security flaws, we propose an enhanced authentication scheme, which covers all the identified weaknesses of Wang et al.'s scheme and is more secure and efficient for practical application environment.
This paper references
Cryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme
M. Misbahuddin (2008)
10.1109/AINA.2005.54
A remote authentication scheme preserving user anonymity
H. Chien (2005)
10.1016/S0167-4048(99)80136-9
Password authentication schemes with smart cards
Wen-Her Yang (1999)
10.1109/TIT.1985.1057074
A public key cryptosystem and a signature scheme based on discrete logarithms
T. Elgamal (1985)
10.1016/j.csi.2006.01.002
Improving the security of 'a flexible biometrics remote user authentication scheme'
M. Khan (2007)
10.1109/TCE.2004.1309441
A dynamic ID-based remote user authentication scheme
M. Das (2004)
10.1007/3-540-39568-7_2
A public key cryptosystem and a signature scheme based on discrete logarithms
T. Elgamal (1984)
10.1016/0167-4048(96)00005-3
Refereed paper: Smart card based secure password authentication scheme
Wang Shiuh-Jeng (1996)
A Modified Remote User Authentication Scheme Using Smart Cards
Y. Xiu-yuan (2008)
10.1109/TCE.2004.1277863
Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards
W. Ku (2004)
10.1093/ietcom/e88-b.5.2165
Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards
W. Ku (2005)
10.1109/NWESP.2005.67
Security enhancement for a dynamic ID-based remote user authentication scheme
I. Liao (2005)
10.15388/INFORMATICA.2003.022
Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards
C. Chang (2003)
10.1145/567331.567335
A flexible remote user authentication scheme using smart cards
C. Lee (2002)
10.1016/j.csi.2007.10.007
A secure dynamic ID based remote user authentication scheme for multi-server environment
Yi-Pin Liao (2009)
10.1109/TCE.2003.1261224
Cryptanalysis of a modified remote user authentication scheme using smart cards
K. Leung (2003)
10.1016/0167-4048(96)00005-3
Smart card based secure password authentication scheme
S. Wang (1996)
10.1016/j.csi.2008.11.002
Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment
H. Hsiang (2009)
10.1049/EL:20047658
Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards
W. Ku (2005)
10.1016/j.comcom.2008.11.026
More secure remote user authentication scheme
Sang-Kyun Kim (2009)
Comment on A dynamic ID-based Remote User Authentication Scheme
A. Awasthi (2004)
An Efficient Remote User Authentication Scheme Using Smart Cards
H. Sun (2000)
10.1016/j.cose.2005.03.006
Robust remote authentication scheme with smart cards
C. Fan (2005)
10.1016/j.comcom.2008.11.008
A more efficient and secure dynamic ID-based remote user authentication scheme
Y. Wang (2009)
10.1109/30.826377
A new remote user authentication scheme using smart cards
M. Hwang (2000)
10.1145/358790.358797
Password authentication with insecure communication
L. Lamport (1981)
10.4103/0256-4602.50703
Fingerprint Biometric-based Self-Authentication and Deniable Authentication Schemes for the Electronic World
M. Khan (2009)
10.1109/30.920446
An efficient remote use authentication scheme using smart cards
H. Sun (2000)
10.1016/S0920-5489(03)00094-1
Security of Chien et al.'s remote user authentication scheme using smart cards
C. Hsu (2004)
10.1016/j.cose.2008.11.008
An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem
Jen-Ho Yang (2009)



This paper is referenced by
Attacks on Lin's Mobile Dynamic Identity-based Authenticated Key Agreement Scheme using Chebyshev Chaotic Maps
S. H. Islam (2014)
for free : Efficient and provably secure two-factor authentication scheme with user
D. Wang (2015)
10.1155/2015/934716
A Multipurpose Key Agreement Scheme in Ubiquitous Computing Environments
C. Chang (2015)
10.1155/2014/719470
A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function
A. K. Das (2014)
10.1007/s10916-013-9958-z
Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems
F. Wu (2013)
10.1088/1742-6596/1087/6/062003
Security Analysis of Improved User Authentication Schemes Using Smart Cards
Xiao Hong Yin (2018)
10.1504/IJIPT.2016.079548
Remote user authentication scheme using smart card: a review
M. Karuppiah (2016)
10.1016/j.future.2017.07.040
Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment
Qi Feng (2018)
10.3390/computers5030015
Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors
A. Yassin (2016)
10.1007/978-3-319-27659-5_16
Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards
Ding Wang (2013)
10.2298/CSIS141029030K
On the security enhancement of integrated electronic patient records information systems
M. Khan (2015)
10.1007/s11277-015-2896-y
Cryptanalysis and Improvement of a Mobile Dynamic ID Authenticated Key Agreement Scheme Based on Chaotic Maps
Hongfeng Zhu (2015)
10.1007/s10916-014-0136-8
Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems
Hamed Arshad (2014)
Cryptanalysis of Two Efficient Password-based Authentication Schemes Using Smart Cards
Y. Wang (2015)
10.1007/s10916-012-9897-0
A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems
Qi Jiang (2012)
10.1007/s10916-012-9862-y
An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems
H. Chen (2012)
10.12673/JKONI.2013.17.3.314
Secure User Authentication Scheme Based on Facial Recognition for Smartwork Environment
Yun-Sang Byun (2013)
10.1002/sec.1432
Efficient and robust user authentication scheme that achieve user anonymity with a Markov chain
Dongwoo Kang (2016)
10.1016/j.compeleceng.2017.12.045
Advanced formal authentication protocol using smart cards for network applicants
Trupil Limbasiya (2018)
10.1016/j.jisa.2017.08.004
Security bound enhancement of remote user authentication using smart card
R. Madhusudhan (2017)
10.1109/ICCCNT.2012.6395882
Smart card based remote user authentication schemes — Survey
G. Jaspher (2012)
10.1007/s10916-012-9911-6
Robust Anonymous Authentication Scheme for Telecare Medical Information Systems
Qi Xie (2012)
10.12988/CES.2014.49186
Security vulnerabilities of an enhanced remote user authentication scheme
Hae-Soon Ahn (2014)
10.7838/JSEBS.2013.18.2.081
A Robust and Secure Remote User Authentication Scheme Preserving User Anonymity
Kwang-Cheul Shin (2013)
10.1145/2897845.2897916
The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes
Ding Wang (2016)
10.1007/s10916-014-0026-0
An Improved Anonymous Authentication Scheme for Telecare Medical Information Systems
F. Wen (2014)
10.1007/S11277-015-2736-0
A Dynamic-Identity Based Multimedia Server Client Authentication Scheme for Tele-Care Multimedia Medical Information System
Deebak Bakkiam David (2015)
10.1504/IJESDF.2014.065741
A secure and timestamp-based communication scheme for cloud environment
Abu Salim (2014)
10.1016/j.jnca.2012.01.007
Dynamic ID-based remote user password authentication schemes using smart cards: A review
R. Madhusudhan (2012)
10.1155/2013/491289
An Improved Biometrics-Based Remote User Authentication Scheme with User Anonymity
M. Khan (2013)
10.4236/ENG.2014.66030
An Enhanced Remote User Authentication Scheme
Xiaohui Yang (2010)
Robust BioMetric Based Authentication scheme using watermarking
T. Deepika (2016)
See more
Semantic Scholar Logo Some data provided by SemanticScholar