Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol
Recently, with the appearance of smart cards, many
user authentication protocols using smart card have been proposed to
mitigate the vulnerabilities in user authentication process. In 2004,
Das et al. proposed a ID-based user authentication protocol that is
secure against ID-theft and replay attack using smart card. In 2009,
Wang et al. showed that Das et al.-s protocol is not secure to randomly
chosen password attack and impersonation attack, and proposed an
improved protocol. Their protocol provided mutual authentication and
efficient password management. In this paper, we analyze the security
weaknesses and point out the vulnerabilities of Wang et al.-s protocol.
[1] L. Lamport, "Password authentication with insecure communication,"
Communications of the ACM, vol 24, pp 770-772, 1981
[2] M.S. Hwang, L.H. Li, "A new remote user authentication scheme using
smart cards," IEEE Transactions on Consumer Electronics 46 , pp28-.30, 2000
[3] ML Das, A Saxena, VP Gulati, "A dynamic ID-based remote user
authentication scheme," IEEE Transactions on Consumer Electronics 2004,
volume 50, Issue 2, pp. 629-631, 2004.
[4] Y Wang, J Liu, F Xiao, J Dan, "A more efficient and secure dynamic
ID-based remote user authentication scheme," Computer Communications 32,
Volume 32, Issue 4, 2009, pp 583-585
[5] H.M. Sun,"An efficient remote user authentication scheme using
smartcards," IEEE Transactions on Consumer Electronics 46, pp 958-961.
2000
[6] YP Liao, SS Wang, "A secure dynamic ID based remote user authentication
scheme for multi-server environment," Computer Standards & Interfaces,
Volume 31, Issue 1, pp 24-29, 2009
[7] HC Hsiang, WK Shih, "improvement of the secure dynamic id based remote
user authentication scheme for multi-server environment,"Computer Standards
& Interfaces 31, Issue 6, 2008, pp 1118-1123, 2008
[8] T.S. Messergers, E.A. Dabbish, R.H. Sloan, "Examining smart card security
under the threat of power analysis attacks," IEEE Trans. Comput. 51, pp
541-.552. 2002
[1] L. Lamport, "Password authentication with insecure communication,"
Communications of the ACM, vol 24, pp 770-772, 1981
[2] M.S. Hwang, L.H. Li, "A new remote user authentication scheme using
smart cards," IEEE Transactions on Consumer Electronics 46 , pp28-.30, 2000
[3] ML Das, A Saxena, VP Gulati, "A dynamic ID-based remote user
authentication scheme," IEEE Transactions on Consumer Electronics 2004,
volume 50, Issue 2, pp. 629-631, 2004.
[4] Y Wang, J Liu, F Xiao, J Dan, "A more efficient and secure dynamic
ID-based remote user authentication scheme," Computer Communications 32,
Volume 32, Issue 4, 2009, pp 583-585
[5] H.M. Sun,"An efficient remote user authentication scheme using
smartcards," IEEE Transactions on Consumer Electronics 46, pp 958-961.
2000
[6] YP Liao, SS Wang, "A secure dynamic ID based remote user authentication
scheme for multi-server environment," Computer Standards & Interfaces,
Volume 31, Issue 1, pp 24-29, 2009
[7] HC Hsiang, WK Shih, "improvement of the secure dynamic id based remote
user authentication scheme for multi-server environment,"Computer Standards
& Interfaces 31, Issue 6, 2008, pp 1118-1123, 2008
[8] T.S. Messergers, E.A. Dabbish, R.H. Sloan, "Examining smart card security
under the threat of power analysis attacks," IEEE Trans. Comput. 51, pp
541-.552. 2002
@article{"International Journal of Electrical, Electronic and Communication Sciences:50308", author = "Hyoungseob Lee and Donghyun Choi and Yunho Lee and Dongho Won and Seungjoo Kim", title = "Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol", abstract = "Recently, with the appearance of smart cards, many
user authentication protocols using smart card have been proposed to
mitigate the vulnerabilities in user authentication process. In 2004,
Das et al. proposed a ID-based user authentication protocol that is
secure against ID-theft and replay attack using smart card. In 2009,
Wang et al. showed that Das et al.-s protocol is not secure to randomly
chosen password attack and impersonation attack, and proposed an
improved protocol. Their protocol provided mutual authentication and
efficient password management. In this paper, we analyze the security
weaknesses and point out the vulnerabilities of Wang et al.-s protocol.", keywords = "Message Alteration Attack, Impersonation Attack", volume = "3", number = "11", pages = "1919-4", }