论文信息 - Cryptanalysis of a Dynamic ID-Based Remote User Authentication Scheme with Access Control for Multi-Server Environments

Cryptanalysis of a Dynamic ID-Based Remote User Authentication Scheme with Access Control for Multi-Server Environments

Recently, Shao et al. [M. Shao and Y. Chin, A privacypreserving dynamic id-based remote user authentication scheme with access control for multi-server environment, IEICE Transactions on Information and Systems, vol.E95-D, no.1, pp.161–168, 2012] proposed a dynamic ID-based remote user authentication scheme with access control for multiserver environments. They claimed that their scheme could withstand various attacks and provide anonymity. However, in this letter, we will point out that Shao et al.’s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme is vulnerable to two kinds of attacks and cannot provide anonymity. key words: authentication scheme, multi-server environment, dynamic IDbased, anonymity

Debiao He | Hao Hu

[1] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.

[2] Min-Shiang Hwang,et al. A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[3] Yuefei Zhu,et al. Robust smart-cards-based user authentication scheme with user anonymity , 2012, Secur. Commun. Networks.

[4] Robert H. Sloan,et al. Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[5] Min-Hua Shao,et al. A Privacy-Preserving Dynamic ID-Based Remote User Authentication Scheme with Access Control for Multi-Server Environment , 2012, IEICE Trans. Inf. Syst..