Cryptanalysis on Improved Remote User Authentication Scheme Preserving User Anonymity

Summary: Even though user anonymity is an important issue in many e-commerce applications, most smartcard-based remote authentication schemes did not consider protection of user identities while authenticating users. In 2004, Das et al. proposed a remote authentication scheme that preserves the users' anonymity. Their scheme adopted dynamic identification to achieve this property. In 2005, Chien and Chen pointed out that Das et al.'s scheme fails to protect the user's anonymity, and enhanced the scheme. However, Hu et al. in 2007 showed that Chien and Chen's scheme also has some problems, including masquerading attacks, insider attack, and replay attack, and presented an improved scheme to overcome these problems. This paper shows that Hu et al.'s scheme still suffers from some attacks. The scheme not only could suffer from strong user/server masquerading attacks and a denial-of-service attack but also does not support user anonymity. Additionally, this paper points out that the method to prevent the insider attack in the scheme is not applicable in reality.

[1] Ashutosh Saxena, et al. A dynamic ID-based remote user authentication scheme, 2004, IEEE Transactions on Consumer Electronics.

[2] Min-Shiang Hwang, et al. A new remote user authentication scheme using smart cards, 2000, IEEE Trans. Consumer Electron.

[3] Chien-Ming Chen, et al. Cryptanalysis of a Variant of Peyravian-Zunic's Password Authentication Scheme, 2003.

[4] Yixian Yang, et al. Improved Remote User Authentication Scheme Preserving User Anonymity, 2007, Fifth Annual Conference on Communication Networks and Services Research (CNSR '07).

[5] Hung-Yu Chien, et al. A remote authentication scheme preserving user anonymity, 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[6] C. Bindu, et al. Improved Remote User Authentication Scheme Preserving User Anonymity, 2008.

[7] Eun-Jun Yoon, et al. More Efficient and Secure Remote User Authentication Scheme using Smart Cards, 2005, 11th International Conference on Parallel and Distributed Systems (ICPADS'05).

[8] Wen-Shenq Juang, et al. Efficient password authenticated key agreement using smart cards, 2004, Comput. Secur.

[9] Chin-Chen Chang, et al. Remote password authentication with smart cards, 1991.

[10] Chun-I Fan, et al. Robust remote authentication scheme with smart cards, 2005, Comput. Secur.

[11] Hu Zheng-ming. A New Mutual User Authentication Scheme Using Smart Card, 2005.