article

Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Authors:

Han-Cheng Hsiang,

Wei-Kuan ShihAuthors Info & Claims

Computer Standards & Interfaces, Volume 31, Issue 6

Pages 1118 - 1123

https://doi.org/10.1016/j.csi.2008.11.002

Published: 01 November 2009 Publication History

Abstract

Recently, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment, and claimed that their scheme was intended to provide mutual authentication, two-factor security, replay attack, server spoofing attack, insider and stolen verifier attack, forward secrecy and user anonymity. In this paper, we show that Liao and Wang's scheme is still vulnerable to insider's attack, masquerade attack, server spoofing attack, registration center spoofing attack and is not reparable. Furthermore, it fails to provide mutual authentication. To remedy these flaws, this paper proposes an efficient improvement over Liao-Wang's scheme with more security. The computation cost, security, and efficiency of the improved scheme are well suited to the practical applications environment.

References

[1]

Hwang, T., Chen, Y. and Laih, C.S., Non-interactive password authentication without password tables. In: IEEE Region 10 Conference on Computer and Communication System, vol. 1. pp. 429-431.

[2]

Hwang, T. and Ku, W.C., Reparable key distribution protocols for Internet environments. IEEE Trans. Consum. Electron. v43 i5. 1947-1949.

[3]

Sun, H.M., An efficient remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. v46 i4. 958-961.

[4]

Shen, J.J., Lin, C.W. and Hwang, M.S., A modified remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. v49 i2. 414-416.

[5]

Awashti, Amit K. and Sunder, Lal, An enhanced remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. v50 i2. 583-586.

[6]

Chang, C. and Hwang, K.F., Some forgery attacks on a remote user authentication scheme using smart cards. Informatics. v14 i3. 289-294.

[7]

Das, M.L., Saxena, A. and Gulati, V.P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. v50 i2. 629-631.

[8]

Ku, W.C. and Chang, S.T., Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards. IEICE Trans. Commun. v5. 2165-2167.

[9]

Hwang, M.S., Lee, C.C. and Tang, Y.L., A simple remote user authentication scheme. Math. Comput. Model. v36 i1-2. 103-107.

[10]

Ku, W.C. and Chen, S.M., Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. v50 i1. 204-207.

[11]

Lee, C., Hwang, M.S. and Yang, W.P., A flexible remote user authentication scheme using smart cards. ACM Oper. Syst. Rev. v36 i3. 46-52.

[12]

Lee, W.B. and Chang, C.C., User identification and key distribution maintaining anonymity for distributed computer network. Comput. Syst. Sci. v15 i4. 211-214.

[13]

Tsuar, W.J., Wu, C.C. and Lee, W.B., . In: Networking-JCN2001LNCS, vol. 2093. Springer-Verlag. pp. 174-183.

[14]

Li, L., Lin, I. and Hwang, M., A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. Neural Netw. v12 i6. 1498-1504.

[15]

Lin, C., Hwang, M.S. and Li, L.H., A new remote user authentication scheme for multi-server architecture. Future Gener. Comput. Syst. v1 i19. 13-22.

[16]

Tsuar, W.J., An enhanced user authentication scheme for multi-server internet services. Appl. Math. Comput. v170. 258-266.

[17]

Wu, T.S. and Hsu, C.L., Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks. Comput. Secur. v23. 120-125.

[18]

Yang, Y., Wang, S., Bao, F., Wang, J. and Deng, R., New efficient user identification and key distribution scheme providing enhanced security. Comput. Secur. v23 i8. 697-704.

[19]

Juang, W.S., Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans. Consum. Electron. v50 i1. 251-255.

[20]

Chang, C. and Lee, J.S., An efficient and secure multi-server password authentication scheme using smart cards. In: IEEE. Proceeding of the International Conference on Cyberworlds,

Digital Library

[21]

Messergers, T.S., Dabbish, E.A. and Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. v51 i5. 541-552.

[22]

Liao, Y.P. and Wang, S.S., A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces.

[23]

Wang, X., Guo, F., Lai, X. and Yu, H., . In: Collisions for Hash Functions MD4,MD5, HAVAL-128 and RIPEMD, Rump Session of Crypto'04 and IACR Eprint Archive,

[24]

Wang, X. and Yu, H.B., How to break MD5 and other hash functions. In: Advances in Cryptology Eurocrypt'05, Springer-Verlag. pp. 19-35.

Cited By

Xu XWang YZhang XJiang M(2023)A Novel High-Efficiency Password Authentication and Key Agreement Protocol for Mobile Client-ServerSecurity and Communication Networks10.1155/2023/11647282023Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1155/2023/1164728
Kandar SGhosh A(2023)Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic MapWireless Personal Communications: An International Journal10.1007/s11277-024-10895-w133:4(2657-2685)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1007/s11277-024-10895-w
Truong TTran MDuong ANguyen-Pham PNguyen HNguyen T(2022)Provable user authentication scheme on ECC in multi-server environmentThe Journal of Supercomputing10.1007/s11227-022-04641-x79:1(725-761)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1007/s11227-022-04641-x
Show More Cited By

Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment
1. Security and privacy
  1. Security services
2. Social and professional topics
  1. Computing / technology policy

Recommendations

Analysis and Improvement of a Novel Smart Card and Dynamic ID Based Remote User Authentication Scheme for Multi-server Environments
MINES '13: Proceedings of the 2013 Fifth International Conference on Multimedia Information Networking and Security

In 2012, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel authentication scheme. They claimed that their scheme can satisfy all of the essential requirements for multi-server environments. However, we find that Li ...
Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low ...
Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems

In 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...

Comments

Information & Contributors

Information

Published In

cover image Computer Standards & Interfaces

Computer Standards & Interfaces Volume 31, Issue 6

November, 2009

148 pages

ISSN:0920-5489

Issue’s Table of Contents

Copyright © Elsevier B.V. © 2008.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 November 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

77
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Xu XWang YZhang XJiang M(2023)A Novel High-Efficiency Password Authentication and Key Agreement Protocol for Mobile Client-ServerSecurity and Communication Networks10.1155/2023/11647282023Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1155/2023/1164728
Kandar SGhosh A(2023)Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic MapWireless Personal Communications: An International Journal10.1007/s11277-024-10895-w133:4(2657-2685)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1007/s11277-024-10895-w
Truong TTran MDuong ANguyen-Pham PNguyen HNguyen T(2022)Provable user authentication scheme on ECC in multi-server environmentThe Journal of Supercomputing10.1007/s11227-022-04641-x79:1(725-761)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1007/s11227-022-04641-x
Andola NPrakash SGahlot RVenkatesan SVerma S(2022)An enhanced smart card and dynamic ID based remote multi-server user authentication schemeCluster Computing10.1007/s10586-022-03585-425:5(3699-3717)Online publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1007/s10586-022-03585-4
Anand DKhemchandani VSabharawal MCheikhrouhou OBen Fredj O(2021)Lightweight Technical Implementation of Single Sign-On Authentication and Key Agreement Mechanism for Multiserver Architecture-Based SystemsSecurity and Communication Networks10.1155/2021/99401832021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/9940183
Yang LChen YWu T(2021)Provably Secure Client-Server Key Management Scheme in 5G NetworksWireless Communications & Mobile Computing10.1155/2021/40831992021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/4083199
Shunmuganathan S(2021)A Reliable Lightweight Two Factor Mutual Authenticated Session Key Agreement Protocol for Multi-Server EnvironmentWireless Personal Communications: An International Journal10.1007/s11277-021-08850-0121:4(2789-2822)Online publication date: 1-Dec-2021
https://dl.acm.org/doi/10.1007/s11277-021-08850-0
Kandar SPal SDhara B(2021)A Biometric based Remote User Authentication Technique Using Smart Card in Multi-Server EnvironmentWireless Personal Communications: An International Journal10.1007/s11277-021-08501-4120:2(1003-1026)Online publication date: 1-Sep-2021
https://dl.acm.org/doi/10.1007/s11277-021-08501-4
Tsai CSu P(2021)The application of multi-server authentication scheme in internet banking transaction environmentsInformation Systems and e-Business Management10.1007/s10257-020-00481-519:1(77-105)Online publication date: 1-Mar-2021
https://dl.acm.org/doi/10.1007/s10257-020-00481-5
Akram MGhaffar ZMahmood KKumari SAgarwal KChen C(2020)An anonymous authenticated key-agreement scheme for multi-server infrastructureHuman-centric Computing and Information Sciences10.1186/s13673-020-00227-910:1Online publication date: 15-May-2020
https://dl.acm.org/doi/10.1186/s13673-020-00227-9
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents