Cryptanalysis of a Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment

The conventional user authentication scheme is designed for a single-server environment. In the case of multiple servers, a user must register with each server individually and memorize a different identity and password pair to log in to each one. This approach is inconvenient and impractical for a multi-server environment. Therefore, various user authentication schemes for multi-server environments have been proposed. In these schemes, a user only needs to register with the registration center once, and is then allowed to log in to any server in the system. Recently, Liao and Wang proposed a dynamic ID-based remote user authentication scheme for multi-server environments. However, some flaws have been identified in their scheme. This paper demonstrates that anyone with relevant server access can not only derive each session key agreed upon between any user and any server, but can also masquerade as any user to log in to any server in the system.
