Skip to main content
SpringerLink
Log in

Cryptanalysis and Improvement of Sood et al.’s Dynamic ID-Based Authentication Scheme

  • Conference paper
Book cover Distributed Computing and Internet Technology (ICDCIT 2012)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7154))

Abstract

Anonymity is one of the important properties of remote authentication schemes to preserve user privacy. Recently, Sood et al. showed that Wang et al.’s dynamic ID-based remote user authentication scheme fails to preserve user anonymity and is vulnerable to various attacks if the smart card is non-tamper resistant. Consequently, an improved version of dynamic ID-based authentication scheme was proposed and claimed that it is efficient and secure. In this paper, however, we will show that Sood et al.’s scheme still cannot preserve user anonymity under their assumption. In addition, their scheme is also vulnerable to the offline password guessing attack and the stolen verifier attack. To remedy these security flaws, we propose an enhanced authentication scheme, which covers all the identified weaknesses of Sood et al.’s scheme and is more secure and efficient for practical application environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)

    Article  Google Scholar 

  2. Chen, Y.C., Yeh, L.Y.: An efficient nonce-based authentication scheme with key agreement. Applied Mathematics and Computation 169(2), 982–994 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  3. Shieh, W.G., Wang, J.M.: Efficient Remote Mutual Authentication and Key Agreement. Computers and Security 25(1), 72–77 (2006)

    Article  Google Scholar 

  4. Hsiang, H.C., Shih, W.K.: Weaknesses and Improvements of the Yoon-Ryu-Yoo Remote User Authentication Scheme using Smart Cards. Computer Communications 32(4), 649–652 (2009)

    Article  MathSciNet  Google Scholar 

  5. Kumar, M.: A new secure remote user authentication scheme with smart cards. International Journal of Network Security 11, 88–93 (2010)

    Google Scholar 

  6. Sood, S.K., Sarje, A.K., Singh, K.: Secure Dynamic Identity-Based Remote User Authentication Scheme. In: Janowski, T., Mohanty, H. (eds.) ICDCIT 2010. LNCS, vol. 5966, pp. 224–235. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  7. Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  8. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  9. Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)

    Article  Google Scholar 

  10. Chien, H.Y., Chen, C.H.: A remote authentication scheme preserving user anonymity. In: IEEE AINA 2005, pp. 245–248. IEEE Computer Society, Los Alamitos (2005)

    Google Scholar 

  11. Wang, Y.Y., Liu, J.Y., Xiao, F.X., Dan, J.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 32(4), 583–585 (2009)

    Article  Google Scholar 

  12. Hu, L.L., Yang, Y.X., Niu, X.Y.: Improved remote user authentication scheme preserving user anonymity. In: Fifth Annual Conference on Communication Networks and Services Research, pp. 323–328. IEEE Computer Society, Los Alamitos (2007)

    Chapter  Google Scholar 

  13. Horng, W.B., Lee, C.P., Peng, J.: A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards. WSEAS Transactions on Information Science and Applications 7(5), 619–628 (2010)

    Google Scholar 

  14. Yeh, K.H., Su, C.H., Lo, N.W.: Two robust remote user authentication protocols using smart cards. Journal of Systems and Software 83(12), 2556–2565 (2010)

    Article  Google Scholar 

  15. Khan, M.K., Kim, S.K., Alghathbar, K.: Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Computer Communications 34(3), 305–309 (2011)

    Article  Google Scholar 

  16. Sood, S.K.: Secure Dynamic Identity-Based Authentication Scheme Using Smart Cards. Information Security Journal: A Global Perspective 20(2), 67–77 (2011)

    Google Scholar 

  17. He, D.B., Chen, J.H., Zhang, R.: Weaknesses of a dynamic ID-based remote user authentication scheme. International Journal of Electronic Security and Digital Forensics 3(4), 355–362 (2010)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Computer Science and Technology, Harbin Engineering University, 145 Nantong Street, Harbin City, 150001, China

    Chun-Guang Ma, Ding Wang & Qi-Ming Zhang

  2. Automobile Management Institute of PLA, Bengbu City, 233011, China

    Ding Wang

Authors
  1. Chun-Guang Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ding Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qi-Ming Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Mathematical Sciences, C.I.T. Campus, Taramani, 600113, Chennai, India

    R. Ramanujam

  2. Industrial Software Systems, ABB Corporate Research Center, Bangalore, India

    Srini Ramaswamy

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ma, CG., Wang, D., Zhang, QM. (2012). Cryptanalysis and Improvement of Sood et al.’s Dynamic ID-Based Authentication Scheme. In: Ramanujam, R., Ramaswamy, S. (eds) Distributed Computing and Internet Technology. ICDCIT 2012. Lecture Notes in Computer Science, vol 7154. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28073-3_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28073-3_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28072-6

  • Online ISBN: 978-3-642-28073-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation