ABSTRACT
Password-based authentication and key agreement protocols for multiserver environments have drawn much attention due to their simplicity and efficiency. Very recently, Amin et al. introduced a password-based authentication and key agreement protocol using smart cards. We review this protocol and point out that it has some security drawbacks. This protocol cannot resist replay attack, server masquerading attack, user impersonation attack and session key computation attack. Besides, this protocol does not provide user anonymity.
- Li-Hua Li, Iuon-Chang Lin, and Min-Shiang Hwang. 2001. A remote password authentication scheme for multiserver architecture using neural networks. IEEE Trans. Neural Networks 12, 6 (2001), 1498--1504. Google ScholarDigital Library
- Woei-Jiunn Tsaur, Wu Chia Chun, and Wei-Bin Lee. 2004. A smart card-based remote scheme for password authentication in multi-server Internet services. 27 (11 2004), 39--51.Google Scholar
- Jia-Lun Tsai. 2008. E cient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security 27, 3--4 (2008), 115--121. Google ScholarDigital Library
- Ren-Chiun Wang, Wen-Shenq Juang, and Chin-Laung Lei. 2009. User authentication scheme with privacy-preservation for multi-server environment. IEEE Communications Letters 13, 2 (2009), 157--159. Google ScholarDigital Library
- Y.P. Liao and S.S. Wang. 2009. A secure dynamic ID based remote user authentication scheme for multi-server environment. 19 (01 2009), 13--22.Google Scholar
- Te-Yu Chen, Min-Shiang Hwang, Cheng-Chi Lee, and Jinn-Ke Jan. 2009. Cryptanalysis of a secure dynamic ID based remote user authentication scheme for multi-server environment. In Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on. IEEE, 725--728. Google ScholarDigital Library
- Han-Cheng Hsiang and Wei-Kuan Shih. 2009. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. 31 (11 2009), 1118--1123. Google ScholarDigital Library
- Cheng-Chi Lee, Tsung-Hung Lin, and Rui-Xiang Chang. 2011. A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert System with Applications 38, 11 (2011), 13863--13870.Google Scholar
- Sandeep K Sood, Anil K Sarje, and Kuldip Singh. 2011. A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications 34, 2 (2011), 609--618. Google ScholarDigital Library
- Toan-Thinh Truong, Minh-Triet Tran, and Anh-Duc Duong. 2013. Robust secure dynamic ID based remote user authentication scheme for multi-server environment. In International Conference on Computational Science and Its Applications. Springer, 502--515.Google ScholarCross Ref
- Xiong Li, Yongping Xiong, Jian Ma, and Wendong Wang. 2012. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Network and Computer Applications 35, 2 (2012), 763--769. Google ScholarDigital Library
- Ravi Singh Pippal, Jaidhar C. D., and Shashikala Tapaswi. 2013. Robust Smart Card Authentication Scheme for Multi-server Architecture. Wireless Personal Communications 72, 1 (2013), 729--745. Google ScholarDigital Library
- Xiong Li, Jian ma, Wendong Wang, Yongping Xiong, and Junsong Zhang. 2013. A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. 58 (07 2013), 85--95.Google Scholar
- Xiong Li, Jianwei Niu, Saru Kumari, Junguo Liao, and Wei Liang. 2015. An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture. Wireless Personal Communications 80, 1 (2015), 175--192. Google ScholarDigital Library
- Debiao He and Ding Wang. 2014. Robust Biometrics-Based Authentication Scheme for Multiserver Environment. 9 (01 2014), 1--8.Google Scholar
- Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami. 2014. Cryptanalysis on 'Robust Biometrics-Based Authentication Scheme for Multi-server Environment'. Cryptology ePrint Archive, Report 2014/715. (2014). http://eprint.iacr.org/2014/715.Google Scholar
- Ming-Chin Chuang and Meng Chen. 2014. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. 41 (03 2014), 1411--1418. Google ScholarDigital Library
- Dheerendra Mishra, Ashok Kumar Das, and Sourav Mukhopadhyay. 2014. A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. 41 (12 2014), 8129âĂŞ8143.Google Scholar
- Yanrong Lu, Lixiang Li, Peng Haipeng, and Yixian Yang. 2015. A biometrics and smart cards-based authentication scheme for multi-server environments. 8 (03 2015). Google ScholarDigital Library
- Ruhul Amin, SK Ha zul Islam, Muhammad Khurram Khan, Arijit Karati, Debasis Giri, and Saru Kumari. 2017. A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments. Security and Communication Networks 2017 (2017). Article ID 5989151.Google Scholar
Index Terms
- On the security of a smartcard-based authentication system for multiserver environments
Recommendations
Privacy preserving smartcard-based authentication system with provable security
In this paper, we suggest a new privacy preserving smartcard-based password authenticated key exchange SC-PAKE with provable security. Only the user who has two secrets smartcard and password can go through authentication with key exchange while ...
New identity-based three-party authenticated key agreement protocol with provable security
Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols ...
Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systemsIn 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
Comments