Cryptanalysis of two dynamic identity based authentication schemes for multi-server architecture

Since network services are provided cooperatively by multiple servers in the Internet, the authentication protocols for multiserver architecture are required by Internet-based services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.´s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user´s anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.´s scheme shows that Lee et al.´s protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li et al.´s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.´s improved protocol is susceptible to collusion attack.