A New Dynamic ID-Based Remote User Authentication Scheme with Forward Secrecy

Forward secrecy is one of the important properties of remote user authentication schemes: it limits the effects of an eventual failure of the entire system when the long-term private keys of one or more parties are compromised. Recently, Tsai et al. showed that Wang et al.'s dynamic ID-based remote user authentication scheme fails to achieve user anonymity and is vulnerable to a user impersonation attack, and proposed an enhanced version to overcome all the identified flaws. In this paper, however, we point out that Tsai et al.'s scheme still suffers from a denial-of-service attack and cannot provide forward secrecy. To remedy these security flaws, we propose an enhanced authentication scheme that covers all the identified weaknesses of Tsai et al.'s scheme and is more suitable for mobile application scenarios where resources are constrained and security is a concern.
