Cryptanalysis of User Authentication Scheme Preserving Anonymity for Ubiquitous Devices

As the mobile network such as using cell phone, tablet PC, notebook services are gradually increased, a smart card comes to one of the useful thing, because of its convenience and portable. Contemporary, smart card-based authentication also can be one of the most generally authentication method. In 2015, Djellali et al. proposed user authentication scheme with preserving user anonymity and mutual authentication. Also, it provides light and profitable mechanism which can be easily applied to limited power or resources. They claimed their scheme is resisted many networks threat. Unfortunately, we discover some vulnerable weakness. In this paper, we demonstrate that their scheme is still unstable to some network threats, such as insider attack, offline-password guessing attack, impersonation attack and replay attack.

[1]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[2]  Younsung Choi Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics , 2014, IACR Cryptol. ePrint Arch..

[3]  Dongho Won,et al.  An Efficient User Authentication Scheme with Smart Cards for Wireless Communications , 2013 .

[4]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[5]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[6]  Pascal Lorenz,et al.  User authentication scheme preserving anonymity for ubiquitous devices , 2015, Secur. Commun. Networks.

[7]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[8]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..

[9]  Hung-Yu Chien,et al.  A remote authentication scheme preserving user anonymity , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[10]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[11]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.