
A New Dynamic ID-Based User Authentication Scheme Using Mobile Device: Cryptanalysis, the Principles and Design

Wireless Personal Communications

Abstract

A remote user authentication scheme is an important security technology that provides an authentication service before a user accesses the service provided by a remote server. In this paper, we analyze the security and design flaws of a recently proposed dynamic ID authentication and key agreement scheme by Lin. We find that Lin's scheme cannot be used at all in real applications because of the following weaknesses: it has design drawbacks, namely that it lacks a wrong-password detection mechanism and its password change phase is incorrect; the user can log in to the server using any wrong identity or password because of inherent defects in the design of the authentication message; and the scheme is vulnerable to the mobile device loss attack and the denial of service attack. For security considerations, we propose some principles that should be followed in the design of user authentication schemes. Following these design principles, we design a new dynamic ID-based user authentication scheme using a mobile device. We formally analyze the security features of the proposed scheme using BAN logic and give a provable security analysis in the random oracle model. We also discuss how our scheme resists other well-known attacks. The functionality and performance comparisons show that the proposed scheme enhances the security features while keeping the efficiency.


Notes

  1. The right pair should be (\(e_i^{\prime}=r_i^{\prime}\oplus H_s,\ Z_i^{\prime} \equiv g^{r_i^{\prime}} \bmod p\)), which satisfies the relation \(Z_i^{\prime} \equiv g^{e_i^{\prime}\oplus H_s} \bmod p\).

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.


  2. Wen, F. T., & Li, X. L. (2011). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers & Electrical Engineering, 38(2), 381–387.


  3. Li, X., Niu, J. W., Khan, M. K., & Wang, Z. B. (2013). Applying LU decomposition of matrices to design anonymity bilateral remote user authentication scheme. Mathematical Problems in Engineering, 910409, 10. doi:10.1155/2013/910409.


  4. Chen, B. L., Kuo, W. C., & Wuu, L. C. (2014). Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 27(2), 377–389.


  5. Li, X., Niu, J. W., Khan, M. K., & Liao, J. G. (2013). An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5), 1365–1371.


  6. Jiang, Q., Ma, J. F., Li, G. S., & Li, X. H. (2015). Improvement of robust smart-card-based password authentication scheme. International Journal of Communication Systems, 28(2), 383–393.


  7. Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 27(11), 3430–3440.


  8. Li, X., Niu, J. W., Liao, J. G., & Liang, W. (2015). Cryptanalysis of a dynamic identity based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 28(2), 374–382.


  9. Das, M. L., Saxena, A., & Gulati, V. P. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.


  10. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.


  11. Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.


  12. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.


  13. Li, X., Xiong, Y. P., Ma, J., & Wang, W. D. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.


  14. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.


  15. Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Mathematical and Computer Modelling, 58(1–2), 85–95.


  16. Wang, B., & Ma, M. D. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.


  17. He, D. B., & Hu, H. (2012). Cryptanalysis of a smartcard-based user authentication scheme for multi-server environments. IEICE Transactions on Communications, E95–B(9), 3052–3054.


  18. He, D. B., & Wu, S. H. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.


  19. Madhusudhan, R., & Mittal, R. C. (2012). Dynamic ID-based remote user password authentication schemes using smart cards: A review. Journal of Network and Computer Applications, 35(4), 1235–1248.


  20. Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.


  21. Li, X., Niu, J. W., Ma, J., Wang, W. D., & Liu, C. L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79.


  22. Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145–151.


  23. Li, X., Niu, J. W., Wang, Z. B., & Chen, C. S. (2014). Applying biometrics to design three-factor remote user authentication scheme with key agreement. Security and Communication Networks, 7(10), 1488–1497.


  24. Yoon, E. J., & Yoo, K. Y. (2013). Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. The Journal of Supercomputing, 63(1), 235–255.


  25. Li, X., Niu, J. W., Khan, M. K., Liao, J. G., & Zhao, X. K. (2013). Robust three-factor remote user authentication scheme with key agreement for multimedia systems. Security and Communication Networks, 5, 26. doi:10.1002/sec.961.


  26. Xu, J., Zhu, W. T., & Feng, D. G. (2011). An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Computer Communications, 34(3), 319–325.


  27. He, D. J., Ma, M. D., Zhang, Y., Chen, C., & Bu, J. J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.


  28. Yoon, E. J., Yoo, K. Y., & Ha, K. S. (2011). A user friendly authentication scheme with anonymity for wireless communications. Computers & Electrical Engineering, 37(3), 356–364.


  29. Niu, J. W., & Li, X. (2014). A novel user authentication scheme with anonymity for wireless communications. Security and Communication Networks, 7(10), 1467–1476.


  30. Wen, F. T., Susilo, W., & Yang, G. M. (2013). A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.


  31. Lin, H. Y. (2014). Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers. International Journal of Communication Systems, 5, 6. doi:10.1002/dac.2818.


  32. Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London A-Mathematical and Physical Sciences, 426(1871), 233–271.


  33. Li, X., Niu, J. W., Kumari, S., Liao, J. G., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192.


  34. Bellare, M., & Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM conference on computer and communications security (pp. 62–73). ACM.

  35. Rivest, R., & Burt, K. J. (2011). RSA problem. In H. van Tilborg & S. Jajodia (Eds.), Encyclopedia of cryptography and security (pp. 1065–1069). US: Springer.


  36. Ma, C. G., Wang, D., & Zhao, S. D. (2014). Security flaws in two improved remote user authentication schemes using smart cards. International Journal of Communication Systems, 27(10), 2215–2227.


  37. Wang, D., & Wang, P. (2014). Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks, 20, 1–15.


  38. Tsai, J. L., Wu, T. C., & Tsai, K. Y. (2010). New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems, 23(12), 1449–1462.


Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220 and 61202462, the Research Fund of the State Key Laboratory of Software Development Environment, BUAA under Grant No. SKLSDE-2014KF-02, the China Postdoctoral Science Foundation Funded Project under Grant No. 2014M550590, the Scientific Research Fund of Hunan Provincial Education Department (Nos. 13C324 and 14A047), and the National Nature Science Foundation of Hunan province under Grant No. 13JJ3091. In addition, the authors extend their sincere appreciation to the Deanship of Scientific Research at King Saud University for funding this Prolific Research Group (PRG-1436-16).

Author information

Corresponding author

Correspondence to Junguo Liao.

About this article

Cite this article

Li, X., Liao, J., Kumari, S. et al. A New Dynamic ID-Based User Authentication Scheme Using Mobile Device: Cryptanalysis, the Principles and Design. Wireless Pers Commun 85, 263–288 (2015). https://doi.org/10.1007/s11277-015-2737-z


  • DOI: https://doi.org/10.1007/s11277-015-2737-z
