Dynamic ID-based remote user password authentication schemes using smart cards: A review

Remote user authentication is a mechanism, in which the remote server verifies the legitimacy of a user over an insecure communication channel. Until now, there have been ample of remote user authentication schemes published in the literature and each published scheme has its own merits and demerits. A common feature among most of the published schemes is that the user's identity (ID) is static in all the transaction sessions, which may leak some information about that user and can create risk of identity theft during the message transmission. To overcome this risk, many researchers have proposed dynamic ID based remote user authentication schemes. In this paper, we have defined all the security requirements and all the goals an ideal password authentication scheme should satisfy and achieve. We have presented the results of our survey through six of the currently available dynamic ID based remote user authentication schemes. All the schemes are vulnerable to guessing attack except Khan et al.'s scheme, and do not meet the goals such as session key agreement, secret key forward secrecy. In the future, we hope an ideal dynamic ID based password authentication scheme, which meets all the security requirements and achieves all the goals can be developed.

[1]  Kee-Young Yoo,et al.  Improved efficient remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[2]  M.K. Khan,et al.  An efficient and secure remote mutual authentication scheme with smart cards , 2008, 2008 International Symposium on Biometrics and Security Technologies.

[3]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[4]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[5]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[6]  Yaqing Tu,et al.  An improvement of dynamic ID-based remote user authentication scheme with smart cards , 2008, 2008 7th World Congress on Intelligent Control and Automation.

[7]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[8]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[9]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[10]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[11]  Duncan S. Wong,et al.  Improved Efficient Remote User Authentication Schemes , 2007, Int. J. Netw. Secur..

[12]  Min-Shiang Hwang,et al.  DoS-resistant ID-based password authentication scheme using smart cards , 2010, J. Syst. Softw..

[13]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[14]  Mohammed Misbahuddin,et al.  Cryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme , 2008, Int. J. Netw. Secur..

[15]  Geeng-Kwei Chang,et al.  Improvement on the dynamic ID-based remote user authentication scheme , 2008, 2008 International Conference on Machine Learning and Cybernetics.

[16]  Eun-Jun Yoon,et al.  Improving the Dynamic ID-Based Remote Mutual Authentication Scheme , 2006, OTM Workshops.

[17]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[18]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[19]  Mohammed Aijaz Ahmed,et al.  Cryptanalysis of a more efficient and secure dynamic id-based remote user authentication scheme , 2010, ArXiv.

[20]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[21]  Wei-Chi Ku,et al.  Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards , 2005, IEICE Trans. Commun..

[22]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[23]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[24]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[25]  Hung-Yu Chien,et al.  A remote authentication scheme preserving user anonymity , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[26]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[27]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[28]  Cheng-Chi Lee,et al.  Security enhancement for a dynamic ID-based remote user authentication scheme , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[29]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[30]  Chunhua Su,et al.  Two robust remote user authentication protocols using smart cards , 2010, J. Syst. Softw..

[31]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[32]  Amit K. Awasthi,et al.  An enhanced remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[33]  Eun-Jun Yoon,et al.  An improvement of Hwang-Lee-Tang's simple remote user authentication scheme , 2005, Comput. Secur..

[34]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[35]  Deren Chen,et al.  A Novel User Authentication Scheme Using Smart Cards , 2008, 2008 International Conference on Computer Science and Software Engineering.

[36]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[37]  Amit K. Awasthi Comment on A dynamic ID-based Remote User Authentication Scheme , 2004, ArXiv.