An improved dynamic ID-based remote user authentication with key agreement scheme

In recent years, several dynamic ID-based remote user authentication schemes have been proposed. In 2012, Wen and Li proposed a dynamic ID-based remote user authentication with key agreement scheme. They claimed that their scheme can resist impersonation attack and insider attack and provide anonymity for the users. However, we will show that Wen and Li's scheme cannot withstand insider attack and forward secrecy, does not provide anonymity for the users, and inefficiency for error password login. In this paper, we propose a novel ECC-based remote user authentication scheme which is immune to various known types of attack and is more secure and practical for mobile clients

Comments on a secure dynamic ID-based remote user authentication scheme for multi-server environment using smart cards

The security of a dynamic ID-based remote user authentication scheme for multi-server environment using smart cards proposed by Lee et al. [Lee, C-C., Lin, T-H., Chang, R-X., A Secure Dynamic ID based Remote User Authentication Scheme for Multi-server Environment using Smart Cards, Expert Systems with Applications (2011), doi: 10.1016/j.eswa.2011.04.190] is analyzed. Three kinds of attacks are presented in different scenario

ROBUST DYNAMIC ID-BASED REMOTE MUTUAL AUTHENTICATION SCHEME

Dynamic ID based authentication scheme is more and more important in insecure wireless environment and system. Two of kinds of attack that authentication schemes must resist are stealing identity and reflection attack which is a potential way of attacking a challenge- response authentication system using the same protocol in both direc­tions. It must be guaranteed to prevent attackers from reusing informa­tion from authentication phase and the scheme of Yoon and Yoo satisfies those requirements. However, their scheme can not resist insider and impersonation attack by using lost or stolen smart card. In this paper, we demonstrate that Yoon and Yoo’s scheme is still vulnerable to those attacks. Then, we present an improvement to their scheme in order to isolate such problems

Cryptanalysis and improvement of chen-hsiang-shih's remote user authentication scheme using smart cards

Recently, Chen-Hsiang-Shih proposed a new dynamic ID-based remote user authentication scheme. The authors claimed that their scheme was more secure than previous works. However, this paper demonstrates that theirscheme is still unsecured against different kinds of attacks. In order to enhance the security of the scheme proposed by Chen-Hsiang-Shih, a new scheme is proposed. The scheme achieves the following security goals: without verification table, each user chooses and changes the password freely, each user keeps the password secret, mutual authentication, the scheme establishes a session key after successful authentication, and the scheme maintains the user's anonymity. Security analysis and comparison demonstrate that the proposed scheme is more secure than Das-Saxena-Gulati's scheme, Wang et al.'s scheme and Chen-Hsiang-Shih.Peer ReviewedPostprint (published version

Security Analysis of A Dynamic ID-based Remote User Authentication Scheme

Since 1981, when Lamport introduced the remote user authentication scheme using table, a plenty of schemes had been proposed with table and without table using. Recently Das, Saxena and Gulati have proposed A dynamic ID-based remote user authentication scheme. They claimed that their scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, and insider attacks and so on. In this paper we show that Das et al.’s scheme is completely insecure and using of this scheme is equivalent to an open server access without any password

Weaknesses of a dynamic ID-based remote user authentication scheme

The security of a password authentication scheme using smart cards proposed by Khan et al. is analyzed. Four kinds of attacks are presented in different scenarios. The analyses show that the scheme is insecure for practical application

Weaknesses of a dynamic ID-based remote user authentication scheme

The security of a password authentication scheme using smart cards proposed by Khan et al. is analyzed. Four kinds of attacks are presented in different scenarios. The analyses show that the scheme is insecure for practical application