Cryptanalysis of Two Improved Remote User Authentication Schemes Preserving User Anonymity

Lately, remote user authentication schemes using smart cards have been researched to provide user privacy. Previously provided schemes based on smart cards were only concerned about providing mutual authentication with key exchange, but the schemes preserving user anonymity have been recently demanded because the user privacy is an important issue in many e-commerce applications. In 2007, Hu et al. pointed out that Chien and Chen's scheme fails to protect the user anonymity and proposed a scheme preserving user anonymity. In 2008, Bindu et al. also pointed out Chien and Chen's scheme fails to protect the user anonymity and suggested a scheme preserving user anonymity. Unfortunately, neither scheme guarantee user anonymity against an insider adversary who is a legal user. In this paper, we first point out that both Hu et al.'s scheme and Bindu et al.'s scheme are still vulnerable to the insider attack.

[1]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[2]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[3]  Jun Sun,et al.  An enhanced remote login authentication with smart card , 2005, IEEE Workshop on Signal Processing Systems Design and Implementation, 2005..

[4]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[5]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[6]  Eun-Jun Yoon,et al.  More Efficient and Secure Remote User Authentication Scheme using Smart Cards , 2005, 11th International Conference on Parallel and Distributed Systems (ICPADS'05).

[7]  Hung-Yu Chien,et al.  A remote authentication scheme preserving user anonymity , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[8]  Yixian Yang,et al.  Improved Remote User Authentication Scheme Preserving User Anonymity , 2007, Fifth Annual Conference on Communication Networks and Services Research (CNSR '07).

[9]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[10]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[11]  C. Bindu,et al.  Improved Remote User Authentication Scheme Preserving User Anonymity , 2008 .

[12]  Chien-Ming Chen,et al.  Cryptanalysis of a Variant of Peyravian-Zunic's Password Authentication Scheme , 2003 .

[13]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[14]  Hu Zheng-ming A New Mutual User Authentication Scheme Using Smart Card , 2005 .