Title :
Attacks and improvement of “security enhancement for a dynamic id-based remote user authentication scheme”
Author :
Cheikrouhou, Omar ; Boujelben, Manel ; Koubaa, Anis ; Abid, Mohamed
Author_Institution :
CES Res. Unit, Nat. Sch. of Eng., Sfax
Abstract :
In 2004, Das et al. proposed a ldquoDynamic ID-based Remote User Authentication Scheme using Smart Cardsrdquo. This scheme have the advantage that users can choose and change their password freely and the server does not maintain any verifier table, which avoid the risk of stolen/modifying this table. However, in 2005, Liao et al. demonstrated that Das et al.´s scheme suffers from guessing attacks, unilateral authentication and revealing of user password and propose improvements to prevent these shortcomings. However, in this paper, we demonstrate that Liao et al.´s scheme is not secure and it is vulnerable to stolen/lost smart card attack, impersonation (forgery) attack and password revealing attack. In fact, we prove that the scheme is equivalent to no password scheme. Then, we propose possible improvements to Liao et al.´s scheme. We demonstrate through comparison between the three schemes that the proposed one is more secure while maintaining the same computational overhead as Das et al.´s scheme.
Keywords :
security of data; smart cards; dynamic ID-based remote user authentication scheme; password revealing attack; security enhancement; unilateral authentication; user password; Authentication; Communications technology; Computer science; Computer security; Educational institutions; Forgery; Information systems; National security; Smart cards; Web and internet services;
Conference_Titel :
Computer Systems and Applications, 2009. AICCSA 2009. IEEE/ACS International Conference on
Conference_Location :
Rabat
Print_ISBN :
978-1-4244-3807-5
Electronic_ISBN :
978-1-4244-3806-8
DOI :
10.1109/AICCSA.2009.5069373
