Title :
Cryptanalysis of Khan et al.´s dynamic ID-based remote user authentication scheme
Author :
Li, Chun-Ta ; Lee, Cheng-Chi ; Liu, Chen-Ju ; Lee, Chin-Wen
Author_Institution :
Dept. of Inf. Manage., Tainan Univ. of Technol., Tainan, Taiwan
fDate :
Nov. 29 2010-Dec. 1 2010
Abstract :
Recently, Khan et al. showed that Wang et al.´s dynamic ID-based remote user authentication scheme is not feasible for real-life implementations such as without preserving anonymity of a user during authentication, user cannot choose the password he/she wants, no provision for revocation of lost or stolen smart card, and can not provide session key agreement. Consequently, an improved version of dynamic ID-based remote user authentication scheme was proposed and claimed that it was now secure and of practical value. However, in this paper, we will show that user anonymity of Khan et al.´s scheme is not preserved and a registered user Uj can identify the login person Ui trying to login into the server. Furthermore, Khan et al.´s scheme suffers from insider attacks and the malicious insider can impersonate legal users to login into remote server.
Keywords :
authorisation; computer network security; network servers; public key cryptography; smart cards; cryptanalysis; dynamic ID; remote server; remote user authentication; user anonymity; user authentication; Cryptanalysis; Dynamic ID; Remote user authentication; Smart cards; User anonymity;
Conference_Titel :
Intelligent Systems Design and Applications (ISDA), 2010 10th International Conference on
Conference_Location :
Cairo
Print_ISBN :
978-1-4244-8134-7
DOI :
10.1109/ISDA.2010.5687103