Title :
Security Issues of Chen et al.´s Dynamic ID-Based Authentication Scheme
Author :
Khan, Muhammad Khurram ; Kumari, Smriti ; Xiaomin Wang ; Kumar, Ravindra
Author_Institution :
Center of Excellence in Inf. Assurance, King Saud Univ., Riyadh, Saudi Arabia
Abstract :
Chen et al. proposed in 2012, a dynamic ID-based authentication scheme for Telecare Medical Information Systems. Chen et al. preferred simpler computations unlike previous schemes proposed for TMIS, so they designed a computational complexity-free protocol. But it entails many security concerns. Here we show that an adversary can cheat the lawful participants of the scheme, can compute the agreed upon session-key, which renders the communication between the participants as un-confidential. We further illustrate that in-spite of using dynamic identity during login phase their scheme does not provide user anonymity. We also demonstrate that their design invites password guessing attack, stolen verifier attack and has an incomplete password change phase.
Keywords :
computational complexity; medical information systems; security of data; user interfaces; TMIS; Telecare medical information systems; computational complexity-free protocol; dynamic ID-based authentication scheme; incomplete password change phase; password guessing attack; security issues; stolen verifier attack; user anonymity; Authentication; Cryptography; Educational institutions; Mobile handsets; Smart cards; Vehicle dynamics; authentication; impersonation; mobile device loss attack; password guessing; user anonymity;
Conference_Titel :
Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on
Conference_Location :
Dalian
Print_ISBN :
978-1-4799-5078-2
DOI :
10.1109/DASC.2014.31
