Cryptanalysis of remote user authentication scheme with key agreement

Author

Madhusudan, R. ; Valiveti, Annapurna

Author_Institution

Dept. of Math. & Comput. Sci., Nat. Inst. of Technol. Karnataka, Surathkal, India

fYear

2015

fDate

21-23 April 2015

Firstpage

476

Lastpage

480

Abstract

Password authentication with smart card is one of the most convenient and effective two-factor authentication mechanisms for remote systems to assure one communicating party of the legitimacy of the corresponding party by acquisition of corroborative evidence. This technique has been widely deployed for various kinds of authentication applications, such as remote host login, online banking, e-commerce and e-health. Recently, Kumari et al. presented a dynamic-identity-based user authentication scheme with session key agreement. In this research, we illustrate that Kumari et al.´s scheme violates the purpose of dynamic-identity contrary to author´s claim. We show that once the smart card of an arbitrary user is lost, messages of all registered users are at risk. Using information from an arbitrary smart card, an adversary can impersonate any user of the system.

Keywords

cryptography; message authentication; smart cards; corroborative evidence acquisition; cryptanalysis; dynamic-identity-based user authentication scheme; password authentication; remote user authentication scheme; session key agreement; smart card; two-factor authentication mechanisms; Authentication; Bismuth; Nickel; Servers; Silicon; Smart cards; Smartcard; authentication; cryptanalysis; dynamic-id based authentication scheme;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer, Communications, and Control Technology (I4CT), 2015 International Conference on

Conference_Location

Kuching

Type

conf

DOI

10.1109/I4CT.2015.7219623

Filename

7219623