Cryptanalysis for Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multi-server Environment

Multi-server authentication is going to be an integral part of remote authentication with the passage of time. The remote authentication has been part and parcel of internet based communication. In the last decade several multi-server authentication techniques has been presented. However there is still a need of more efficient and robust techniques. Lately, Saraswathi et al., presented a multi-server authentication scheme that has been found under much vulnerability like stolen card attack, misrepresentation attack, and forward secrecy attacks. This paper presents the cryptanalysis for Saraswathi et al. scheme and shows the review analysis.

[1]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[2]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[3]  Jian Ma,et al.  A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments , 2013, Math. Comput. Model..

[4]  Woei-Jiunn Tsaur,et al.  A Flexible User Authentication Scheme for Multi-server Internet Services , 2001, ICN.

[5]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[6]  I. C. Lin,et al.  (IEEE Transactions on Neural Networks,12(6):1498-1504)A Remote Password Authentication Scheme for Multi-Server Architecture Using Neural Network , 2001 .

[7]  R. Madhusudhan,et al.  Weaknesses of a Dynamic ID Based Remote User Authentication Protocol for Multi-Server Environment , 2014 .

[8]  Tae Hyun Kim,et al.  Side channel analysis attacks using AM demodulation on commercial smart cards with SEED , 2012, J. Syst. Softw..

[9]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[10]  Wei-Bin Lee,et al.  A smart card-based remote scheme for password authentication in multi-server Internet services , 2004, Comput. Stand. Interfaces.

[11]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[12]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[13]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[14]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[15]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[16]  Cheng-Chi Lee,et al.  An Improved Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment , 2012 .

[17]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[18]  Chin-Chen Chang,et al.  An efficient and secure multi-server password authentication scheme using smart cards , 2004, 2004 International Conference on Cyberworlds.

[19]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[20]  Yogesh Palanichamy,et al.  Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multiserver Environment , 2015, Canadian Journal of Electrical and Computer Engineering.

[21]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[22]  Ding Wang,et al.  Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach ⋆ , 2012 .

[23]  Yuh-Min Tseng,et al.  Efficient Revocable Multi-Receiver ID-Based Encryption , 2013, Inf. Technol. Control..