论文信息 - Security of Dynamic ID-Based Remote User Authentication Scheme

Security of Dynamic ID-Based Remote User Authentication Scheme

Recently, Wang et al. proposed a new dynamic ID-based remote user authentication scheme which is an improvement of Das et al.'s scheme. They claimed their scheme is efficient and secure. After thorough analyses, we find Wang et al.'s scheme suffers from masquerade attacks because an attacker can choose an identity at will and be authenticated by the remote server successfully. In this paper, we will demonstrate how to mount masquerade attacks on Wang et al.'s proposed scheme.

Ya-Fen Chang | Hung-Chin Chang

[1] Chin-Chen Chang,et al. An efficient and secure multi-server password authentication scheme using smart cards , 2004, 2004 International Conference on Cyberworlds.

[2] Sung-Ming Yen,et al. Shared Authentication Token Secure Against Replay and Weak Key Attacks , 1997, Inf. Process. Lett..

[3] Duncan S. Wong,et al. Improved Efficient Remote User Authentication Schemes , 2007, Int. J. Netw. Secur..

[4] Leslie Lamport,et al. Password authentication with insecure communication , 1981, CACM.

[5] Stephen M. Matyas,et al. Cryptographic Authentication of Time-Invariant Quantities , 1981, IEEE Trans. Commun..

[6] Yan-yan Wang,et al. A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[7] Min-Shiang Hwang,et al. A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[8] Ashutosh Saxena,et al. A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.