Skip to main content
SpringerLink
Log in

Weaknesses of a Dynamic ID-Based Remote User Authentication Scheme with Session Key Agreement for Multi-server Environment

  • Conference paper
Book cover Information Technology Convergence, Secure and Trust Computing, and Data Management

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 180))

Abstract

In 2010, Martinez-Pelaez et al. proposed an remote user authentication scheme with session key agreement for multi-server environment. They claimed that their scheme is efficient and secure against known attacks. However, this work shows that Martinez-Pelaez et al.’s scheme is exposed to various attacks. In this paper, we describe that Martinez-Pelaez et al.’s scheme is vulnerable to masquerade attack, server spoofig attack, stolen smart card attack, and is not easily repairable.

This research was supported by the KCC(Korea Communications Commission), Korea, under the R&D program supervised by the KCA(Korea Communications Agency) (KCA-2012-12-912-06-003).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bellovin, S.M., Merritt, M.: Limitations of the Kerberos authentication system. ACM Computer Communication Review 20(5), 119–132 (1990)

    Article  Google Scholar 

  2. Bird, R., Gopal, I., Herzberg, A., Janson, P.A., Kutten, S., Molva, R., Yung, M.: Systematic design of a family of attack-resistant authentication protocols. IEEE Journal on Selected Areas in Communications 11(5), 679–693 (1993)

    Article  Google Scholar 

  3. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchange. Designs, Codes and Cryptography 2(2), 107–125 (1992)

    Article  MathSciNet  Google Scholar 

  4. Gong, L.: A security risk of depending on synchronized clocks. ACM SIGOPS Operating Systems Review 26(1), 49–53 (1992)

    Article  Google Scholar 

  5. Liao, K.C., Lee, W.-H.: A Novel User Authentication Scheme Based on QR-Code. Journal of Networks 5, 937–941 (2010)

    Article  Google Scholar 

  6. Wang, J.-S., Yang, F.-Y., Paik, I.: A Novel E-cash Payment Protocol Using Trapdoor Hash Function on Smart Mobile Devices. International Journal of Computer Science and Network Security 11(6), 12–19 (2011)

    Google Scholar 

  7. Schneier, B.: Two-Factor Authentication: Too Little, Too Late, in Inside Risks 178. Communications of the ACM 48(4) (2005)

    Google Scholar 

  8. Aloul, F., Zahidi, S., EI-Hajj, W.: Two Factor Authentication Using Mobile Phones. Computer Systems and Applications, 641–649 (2009)

    Google Scholar 

  9. Park, N., Kwak, J., Kim, S., Won, D., Kim, H.: WIPI Mobile Platform with Secure Service for Mobile RFID Network Environment. In: Shen, H.T., Li, J., Li, M., Ni, J., Wang, W. (eds.) APWeb Workshops 2006. LNCS, vol. 3842, pp. 741–748. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  10. Park, N.: Security Scheme for Managing a Large Quantity of Individual Information in RFID Environment. In: Zhu, R., Zhang, Y., Liu, B., Liu, C. (eds.) ICICA 2010. CCIS, vol. 106, pp. 72–79. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  11. Park, N.: Secure UHF/HF Dual-Band RFID: Strategic Framework Approaches and Application Solutions. In: Jędrzejowicz, P., Nguyen, N.T., Hoang, K. (eds.) ICCCI 2011, Part I. LNCS, vol. 6922, pp. 488–496. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  12. Park, N.: Implementation of Terminal Middleware Platform for Mobile RFID computing. International Journal of Ad Hoc and Ubiquitous Computing 8(4), 205–219 (2011)

    Article  Google Scholar 

  13. Park, N., Song, Y.: Secure RFID Application Data Management Using All-Or-Nothing Transform Encryption. In: Pandurangan, G., Anil Kumar, V.S., Ming, G., Liu, Y., Li, Y. (eds.) WASA 2010. LNCS, vol. 6221, pp. 245–252. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  14. Park, N.: The Implementation of Open Embedded S/W Platform for Secure Mobile RFID Reader. The Journal of Korea Information and Communications Society 35(5), 785–793 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Information and Communication Engineering, Sungkyunkwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, 440-746, Korea

    Mijin Kim & Dongho Won

  2. Department of Computer Education, Teachers College, Jeju National University, Jeju, Korea

    Namje Park

Authors
  1. Mijin Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Namje Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mijin Kim .

Editor information

Editors and Affiliations

  1. SeoulTech, Computer Science and Engineering, Seoul University Science & Technology, Gongreung 2-dong 172, Seoul, 139-743, Korea, Republic of (South Korea)

    Jong Hyuk (James) Park

  2. , Division of e-Business, Kyungnam University, Changwon, Korea, Republic of (South Korea)

    Jongsung Kim

  3. , Department of Information Security, Huazhong University of Science and Techn, Luoyu Road 1037, Wuhan, 430074, China, People's Republic

    Deqing Zou

  4. , Division of Computer Engineering, Mokwon University, 800 Doan-dong, Seo-gu, Daejeon, 302-729, Korea, Republic of (South Korea)

    Yang Sun Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer Science+Business Media Dordrecht

About this paper

Cite this paper

Kim, M., Park, N., Won, D. (2012). Weaknesses of a Dynamic ID-Based Remote User Authentication Scheme with Session Key Agreement for Multi-server Environment. In: Park, J., Kim, J., Zou, D., Lee, Y. (eds) Information Technology Convergence, Secure and Trust Computing, and Data Management. Lecture Notes in Electrical Engineering, vol 180. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5083-8_29

Download citation

  • DOI: https://doi.org/10.1007/978-94-007-5083-8_29

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-5082-1

  • Online ISBN: 978-94-007-5083-8

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation