Comments on an Advanced Dynamic ID-Based Authentication Scheme for Cloud Computing

The design of secure remote user authentication schemes for mobile devices in Cloud Computing is still an open and quite challenging problem, though many such schemes have been published lately. Recently, Chen et al. pointed out that Yang and Chang's ID-based authentication scheme based on elliptic curve cryptography (ECC) is vulnerable to various attacks, and then presented an improved password-based authentication scheme using ECC to overcome the drawbacks. Based on heuristic security analysis, Chen et al. claimed that their scheme is more secure and can withstand all related attacks. In this paper, however, we show that Chen et al.'s scheme cannot achieve the claimed security goals and report its flaws: (1) it is vulnerable to an offline password guessing attack; (2) it fails to preserve user anonymity; (3) it is prone to a key compromise impersonation attack; (4) it suffers from the clock synchronization problem. The cryptanalysis demonstrates that the scheme under study is unfit for practical use in a Cloud Computing environment.
