Browse > Article
http://dx.doi.org/10.7236/JIIBC.2013.13.1.273

Security Analysis of a Secure Dynamic ID based Remote User Authentication Scheme for Multi-server Environment  

Yang, Hyung-Kyu (Dept. of Computer Engineering, Kangnam University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.13, no.1, 2013 , pp. 273-278 More about this Journal
Abstract
Recently, user authentication schemes using smart cards for multi-server environment have been proposed for practical applications. In 2009, Liao-Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang's scheme, and we show that Liao-Wang's scheme is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang's scheme does not provide user anonymity between the user and the server.
Keywords
Smart card; User authentication; forgery attack; user anonymity; session key attack;
Citations & Related Records
연도 인용수 순위
  • Reference
1 K. Choi, T. Kim, S. Yeo, E. Cho, "A Study on the Network Security Level Management", Journal of Korean Institute of Information Technology, vol. 7, issue 1, pp. 214-219, Feb 2009.
2 Lin, I.C., Hwang, M.S., Li, L.H, "A New Remote User Authentication Scheme for Multi-server Architecture". Future Generation Computer System, vol. 19, pp. 13-22, 2003   DOI   ScienceOn
3 Juang, W.S, "Efficient Multi-server Password Authenticated Key Agreement using Smart Cards". IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 251-255, 2004.   DOI   ScienceOn
4 Chang, C., Lee, J.S, "An Efficient and Secure Multi-server Password Authentication Scheme using Smart Cards". IEEE. Proceeding of the International Conference on Cyberworlds, 2004.
5 Hwang, R.J., Shiau, S.H, "Provably Efficient Authenticated Key Agreement Protocol for Multi-servers". The Computer Journal, vol. 50, no. 5, pp. 602-615, 2007.   DOI   ScienceOn
6 Tsai, J.L, "Efficient Multi-server Authentication Scheme based on One-way Hash Function without Verification Table", Computer and Security, vol. 27, pp. 115-121, 2008.   DOI   ScienceOn
7 Liao, Y.P., Wang, S.S, "A Secure Dynamic ID based Remote User Authentication Scheme for Multi-server Environment", Computer Standards and Interfaces, vol. 31, pp. 24-29, 2009.   DOI   ScienceOn
8 Kocher, P., Jaffe, J., Jun, B, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999
9 Messerges, T.S., Dabbish, E.A., Sloan, R.H, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers 51(5), pp. 541-552, 2002.   DOI   ScienceOn
10 Y. Kim, Y. Jeong, G. Park, "An Authentication Protocol Proposal to Guarantee Reliability of Wireless Node in IEEE 802.16s", Journal of Korean Institute of Information Technology, vol. 6, issue 4, pp. 87-93, Aug 2008.