Abstract
Dynamic ID based authentication scheme is more and more important in wireless environments such as GSM, CDPD, 3G and 4G. One of important properties of such authentication scheme is anonymity. It must be guaranteed to defend the privacy of mobile users against outside attacks, and the scheme of Cheng-Chi Lee, Tsung-Hung Lin and Rui-Xiang Chang satisfies that requirement. However, another important property that should be considered is impersonation. The scheme must have capability to resist this kind of attack to protect legal users from illegal adversaries. In this paper, we demonstrate that Lee et al.’s scheme is still vulnerable to masquerade attack and session key attack with stolen smart card. Then we present an improvement of their scheme in order to isolate such problems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Lee, C.-C., Lin, T.-H., Chang, R.-X.: A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications 38(11), 13863–13870 (2011)
Liao, Y.-P., Wang, S.-S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(1), 24–29 (2009)
Hsiang, H.-C., Shih, W.-K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(6), 1118–1123 (November 2009)
Hwang, M.S., Lee, C.C., Tang, Y.L.: Improved efficient remote user authentication schemes. Int. J. Netw. Secur. 4(2), 149–154 (2007)
Lee, C.C., Hwang, M.S., Yang, W.P.: Flexible Remote User Authentication Scheme Using Smart Cards. ACM Operating Systems Review 36(3), 46–52 (2002)
Das, M.L., Saxena, A., Gulati, V.P.: A Dynamic ID-based Remote User Authentication Scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)
Yoon, E.-J., Yoo, K.-Y.: Improving the Dynamic ID-Based Remote Mutual Authentication Scheme. OTM Workshops (1), 499–507 (2006)
Chen, T.-H., Chen, Y.-C., Shih, W.-K., Wei, H.-W.: An efficient anonymous authentication protocol for mobile pay-TV. Advanced Topics in Cloud Computing 34(4), 1131–1137 (2011)
Menezes, A.J., Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptograph. CRC Press, New York (1997)
Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24, 770–772 (1981)
Hwang, M.S., Lee, C.C., Tang, Y.L.: A Simple Remote User Authentication Scheme. Mathematical and Computer Modelling 36, 103–107 (2002)
Li, L.H., Lin, I.C., Hwang, M.S.: A Remote Password Authentication Scheme for Multiserver Architecture Using Neural Networks. IEEE Transactions on Neural Network 12(6), 1498–1504 (2001)
Shen, J.J., Lin, C.W., Hwang, M.S.: A Modified Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 49(2), 414–416 (2003)
Xu, J., Zhu, W.-T., Feng, D.-G.: An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Computer Communications 34(3), 319–325 (2011)
Wang, R.-C., Juang, W.-S., Lei, C.-L.: Robust authentication and key agreement scheme preserving the privacy of secret key. Computer Communications 34(3), 274–280 (2011)
Islam, S.H., Biswas, G.P.: A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software (2011) (In Press); Corrected Proof, Available online (July 7, 2011)
Vaidya, B., Park, J.H., Joel, S.-S.Y., Rodrigues, J.P.C.: Robust one-time password authentication scheme using smart card for home network environment. Computer Communications 34(3), 326–336 (2011)
Liaw, H.-T., Lin, J.-F., Wu, W.-C.: An efficient and complete remote user authentication scheme using smart cards. Mathematical and Computer Modelling 44(1-2), 223–228 (2006)
Boyd, C., Choo, K.: Security of Two-Party Identity-Based Key Agreement. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 229–243. Springer, Heidelberg (2005)
Shim, K.: Effient ID-based authenticated key agreement protocol based on the Weil pairing. Electron. Lett. 39(8), 653–654 (2003)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 54152 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Truong, TT., Tran, MT., Duong, AD. (2013). Robust Secure Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2013. ICCSA 2013. Lecture Notes in Computer Science, vol 7975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39640-3_37
Download citation
DOI: https://doi.org/10.1007/978-3-642-39640-3_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39639-7
Online ISBN: 978-3-642-39640-3
eBook Packages: Computer ScienceComputer Science (R0)