Comments on a Dynamic-ID-Based Remote User Authentication Scheme for Multi-server Environment Using Smart Cards

User authentication prevents unauthorized users from accessing resources or getting applications illegally. Due to the rapid development of computer network technologies, users may gain the desired services in a multi-server environment. Recently, Lee et al. proposed a dynamic-ID-based remote user authentication scheme for multi-server environment using smart cards. They adopt dynamic ID to provide user anonymity. However, we found that their scheme suffers from some security drawbacks. in this paper, we show the perceived security drawbacks in detail and give some helpful remedy recommendations.

[1]  Chin-Chen Chang,et al.  An efficient and secure multi-server password authentication scheme using smart cards , 2004, 2004 International Conference on Cyberworlds.

[2]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[3]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[4]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[5]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[6]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[7]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[8]  Wei-Chi Ku,et al.  Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments , 2009, Comput. Stand. Interfaces.

[9]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[10]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[11]  Yu-Hao Chuang,et al.  A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks , 2009, Inf. Sci..

[12]  I. C. Lin,et al.  (IEEE Transactions on Neural Networks,12(6):1498-1504)A Remote Password Authentication Scheme for Multi-Server Architecture Using Neural Network , 2001 .

[13]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[14]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[15]  Chien-Lung Hsu,et al.  Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks , 2004, Comput. Secur..

[16]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.