ROBUST DYNAMIC ID-BASED REMOTE MUTUAL AUTHENTICATION SCHEME

Dynamic ID based authentication scheme is more and more important in insecure wireless environment and system. Two of kinds of attack that authentication schemes must resist are stealing identity and reflection attack which is a potential way of attacking a challenge- response authentication system using the same protocol in both direc­tions. It must be guaranteed to prevent attackers from reusing informa­tion from authentication phase and the scheme of Yoon and Yoo satisfies those requirements. However, their scheme can not resist insider and impersonation attack by using lost or stolen smart card. In this paper, we demonstrate that Yoon and Yoo’s scheme is still vulnerable to those attacks. Then, we present an improvement to their scheme in order to isolate such problems

Cryptanalysis on `Robust Biometrics-Based Authentication Scheme for Multi-server Environment\u27

Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials\u27 privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang\u27s scheme and show that He-Wang\u27s scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user\u27s anonymity. Furthermore, He-Wang\u27s scheme cannot support the revocation and re-registration property. Apart from these, He-Wang\u27s scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase

Cryptanalysis for Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multi-server Environment

Multi-server authentication is going to be an integral part of remote authentication with the passage of time. The remote authentication has been part and parcel of internet based communication. In the last decade several multi-server authentication techniques has been presented. However there is still a need of more efficient and robust techniques. Lately, Saraswathi et al., presented a multi-server authentication scheme that has been found under much vulnerability like stolen card attack, misrepresentation attack, and forward secrecy attacks. This paper presents the cryptanalysis for Saraswathi et al. scheme and shows the review analysis