Improvement on the dynamic ID-based remote user authentication scheme

In 2004, Das et al. proposed a dynamic ID-based remote user authentication scheme. Their scheme allows users to select and update their passwords freely, and the server needs not maintain a verifier table. In this paper, we show that their scheme is not secure. Though there are several improvement schemes proposed to fix the flaws. However, we show that all improvement schemes have deficiency on dynamic merit. Finally, we propose an improvement scheme to enhance the security. The improvement scheme has dynamic merit such that adversary cannot trace the users.

[1]  M. Misbahuddin,et al.  A Novel Dynamic ID-Based Remote User Authentication Scheme , 2006, 2006 Annual IEEE India Conference.

[2]  Xin Zhang,et al.  A Modified Dynamic ID-based Remote User Authentication Scheme , 2006, 2006 International Conference on Communications, Circuits and Systems.

[3]  Yu Xiuyuan A Modified Remote User Authentication Scheme Using Smart Cards , 2008 .

[4]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[5]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[6]  Cheng-Chi Lee,et al.  Security enhancement for a dynamic ID-based remote user authentication scheme , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[7]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[8]  Taekyoung Kwon,et al.  Efficient and secure password-based authentication protocols against guessing attacks , 1998, Comput. Commun..

[9]  Wei-Chi Ku,et al.  Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards , 2005, IEICE Trans. Commun..

[10]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[11]  Amit K. Awasthi Comment on A dynamic ID-based Remote User Authentication Scheme , 2004, ArXiv.

[12]  Deepak B. Phatak,et al.  Dynamic Remote User Authentication , 2003 .

[13]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[14]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[15]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[16]  Amit K. Awasthi,et al.  A remote user authentication scheme using smart cards with forward secrecy , 2003, IEEE Trans. Consumer Electron..

[17]  Cheng-Chi Lee,et al.  A remote user authentication scheme using hash functions , 2002, OPSR.