An Improved Anonymous Remote user Authentication Scheme with Key Agreement based on Dynamic Identity

To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user’s privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can’t provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.

[1]  Ya-Fen Chang,et al.  Security of Dynamic ID-Based Remote User Authentication Scheme , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[2]  Jenq-Shiou Leu,et al.  Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards , 2014, IET Inf. Secur..

[3]  Chin-Chen Chang,et al.  Authentication schemes with no verification table , 2005, Appl. Math. Comput..

[4]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[5]  R. C. Mittal,et al.  Dynamic ID-based remote user password authentication schemes using smart cards: A review , 2012, J. Netw. Comput. Appl..

[6]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[7]  Ya-Fen Chang,et al.  Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update , 2014, Int. J. Commun. Syst..

[8]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[9]  Da-Zhi Sun,et al.  On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity , 2013, Cryptologia.

[10]  Jordi Forné,et al.  Security Improvement of Two Dynamic ID-based Authentication Schemes by Sood-Sarje-Singh , 2013 .

[11]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[12]  Manoj Kumar,et al.  New remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[13]  Yalin Chen,et al.  Efficient Two-Pass Anonymous Identity Authentication Using Smart Card , 2013, IACR Cryptol. ePrint Arch..

[14]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[15]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[16]  Xuelei Li,et al.  An improved dynamic ID-based remote user authentication with key agreement scheme , 2012, Comput. Electr. Eng..

[17]  Feng Quan-yuan Dynamic ID-based remote user authentication scheme , 2007 .

[18]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[19]  Ping Zhu,et al.  A Dynamic ID-Based Authentication Scheme Based on ECC for Telecare Medicine Information Systems , 2013 .

[20]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[21]  Eun-Jun Yoon,et al.  On the Security of an Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme , 2012, IEICE Trans. Inf. Syst..

[22]  C.-C.,et al.  Remote password authentication with smart cards , 2004 .

[23]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..

[24]  Xiaomin Wang,et al.  Security Issues of Chen et al.'s Dynamic ID-Based Authentication Scheme , 2014, 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing.

[25]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[26]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[27]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[28]  Seung-Soo Shin,et al.  Remote User Authentication Scheme using Smart Cards , 2009 .

[29]  Wei Liang,et al.  Robust dynamic ID-based remote user authentication scheme using smart cards , 2014, Int. J. Ad Hoc Ubiquitous Comput..

[30]  Xuelei Li,et al.  Cryptanalysis of a New Dynamic ID-based User Authentication Scheme to Resist Smart-Card-Theft Attack , 2014 .

[31]  Juan Qu,et al.  An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme , 2013, J. Electr. Comput. Eng..