Abstract
In 2005, Liao et al. pointed out some weaknesses in Das et al.’s dynamic ID-based scheme and proposed a slight modification to remedy them. In 2008, Gao-Tu, and in 2010, Sood et al., found vulnerabilities in Liao et al.’s scheme and independently proposed security-enhanced versions of it. However, we identify that Gao-Tu’s scheme is insecure against user impersonation attack, server counterfeit attack, man-in-the-middle attack and server’s resource exhaustion attack, and does not provide session key agreement. We also demonstrate that Sood et al.’s scheme is still vulnerable to malicious user attack in different ways and that the user’s password is revealed to the server. Besides, neither scheme has any provision for revocation of a lost or stolen smart card. Our cryptanalysis results are important for security engineers who are responsible for the design and development of smart card-based user authentication systems.
References
Chang, C.C., Wu, T.C.: Remote Password Authentication with Smart Cards. IEE Proceedings-E 138(3), 165–168 (1991)
Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Trans. on Cons. Elect. 46(1), 28–30 (2000)
Juang, W.S.: Efficient Password Authenticated Key Agreement using Smart Cards. Computers and Security 23(2), 167–173 (2004)
Fan, C.I., Chan, Y.C., Zhang, Z.K.: Robust Remote Authentication Scheme with Smart Cards. Computers and Security 24(8), 619–628 (2005)
Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Trans. on Cons. Elect. 50(2), 629–631 (2004)
Liao, I.E., Lee, C.C., Hwang, M.S.: Security enhancement for a dynamic ID-based remote user authentication scheme. In: International Conference on Next Generation Web Services Practices, pp. 437–440. IEEE CS Press, Los Alamitos (2005)
Chien, H.Y., Chen, C.H.: A Remote Authentication Scheme Preserving User Anonymity. In: Proc. 19th Inter. Conf. Advd. Infmn. Netw. and Applns., Taipei, Taiwan, vol. 2, pp. 245–248 (2005)
Zhang, X., Feng, Q.Y., Li, M.: A Modified Dynamic ID-Based Remote User Authentication Scheme. In: Proc. of Inter. Conf. on Communcs. Circuits and Syst., vol. 3, pp. 1602–1604 (2006)
Misbahuddin, M., Ahmed, M.A., Rao, A.A., Bindu, C.S., Khan, M.A.M.: A Novel Dynamic-ID Based Remote User Authentication Scheme. In: Annual India Conf., pp. 1–5 (2006)
Liao, I.E., Lee, C.C., Hwang, M.S.: A Password Authentication Scheme over Insecure Networks. Journal of Computer and System Sciences 72, 727–740 (2006)
Gao, Z.X., Tu, Y.Q.: An Improvement of a Dynamic ID-Based Remote User Authentication Scheme with Smart Card. In: Proc. of the 7th World Congress on Intelligent Control and Automation, pp. 4562–4567 (2008)
Sood, S.K., Sarjee, A.K., Singh, K.: An Improvement of Liao et al.’s Authentication Scheme using Smart Card. In: IEEE 2nd International Advance Computing Conf., pp. 240–245 (2010)
Ku, W.C., Chang, S.T.: Impersonation Attack On A Dynamic ID-Based Remote User Authentication Scheme using Smart Cards. IEICE Transactions on Communications E88-B(5), 2165–2167 (2005)
Manoj, K.: On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme, Cryptology ePrint Archive: a publication of The International Association for Cryptologic Research (IACR), Santa Rosa Administrative Center, University of California, Santa Barbara, CA, 93106-6120, USA, Report (2009), http://www.eprint.iacr.org/2009/560
Manoj, K., Gupta, M.K., Kumari, S.: A Remote Login Authentication Scheme with Smart Cards Based on Unit Sphere. Indian Journal of Computer Science and Engineering 11(3), 192–198 (2010) ISSN: 0976-5166
Manoj, K.: Security Vulnerabilities of a Novel Remote User Authentication Scheme Using Smart Card Based on ECDLP. Contemporary Computing, Communications in Computer and Information Science 95(5), 252–259 (2010) ISSN: 1865-0929
Manoj, K.: An Enhanced remote user authentication scheme with smart cards. International Journal of Network Security 10(3) (2010) ISSN 1816-353X (Print) ISSN 1816-3548 (Online)
Manoj, K.: A New Secure Remote User Authentication Scheme with Smart Cards. International Journal of Network Security 11(2), 88–93 (2010) ISSN 1816-353X (Print), ISSN 1816-3548 (Online)
Manoj, K.: New Remote User Authentication Scheme with Smart Cards. IEEE Trans. Consumer Electronic 50(2), 597–600 (2004) ISSN: 0098-3063
Manoj, K.: Some Remarks on a Remote User Authentication Scheme Using Smart Cards with Forward Secrecy. IEEE Trans. Consumer Electronic 50(2), 615–618 (2004) ISSN: 0098-3063
Yeh, K.-H., et al.: Two Robust Remote User Authentication Protocols Using Smart Cards. Journal of System and Software (2010), doi:10.1016/j.jss.2010.07.062
Wang, Y.Y., Liu, J.Y., Xiao, F.X., Dan, J.: A More Efficient and Secure Dynamic ID-based Remote User Authentication Scheme. Computer Communications 32, 583–585 (2009)
Hsiang, H.C., Shih, W.K.: Weaknesses and Improvements of the Yoon–Ryu–Yoo Remote User Authentication Scheme Using Smart Cards. Computer Communications 32, 649–652 (2009)
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kumar, M., Gupta, M.K., Kumari, S. (2011). Cryptanalysis of Enhancements of a Password Authentication Scheme over Insecure Networks. In: Aluru, S., et al. Contemporary Computing. IC3 2011. Communications in Computer and Information Science, vol 168. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22606-9_51
DOI: https://doi.org/10.1007/978-3-642-22606-9_51
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22605-2
Online ISBN: 978-3-642-22606-9
eBook Packages: Computer Science, Computer Science (R0)