Cryptanalysis of Two ID Based Password Authentication Schemes for Multi-server Environments
نویسنده
چکیده
Recently, Hsiang and Shih proposed a secure dynamic ID based remote user authentication scheme for multi-server environment. In this paper, we show that Hsiang and Shih's scheme is still vulnerable to off-line password guessing attacks, impersonation attacks and server spoofing attacks. And it cannot resist agai nst extracting secr et data by in tercepting th e authentication m essage. Chen , Hua ng a nd Chou proposed an improvement on Hsian g and Shih 's scheme. However, we demonstrate that Chen, Huang an d C hou's i mproved schem e s uffers from imp ersonation attac ks, pa ssword g uessing a ttacks and server spoofing attacks. In addition, Chen et al.'s scheme cannot provide perfect forward security.
منابع مشابه
Cryptanalysis of Two Dynamic ID-based Remote User Authentication Schemes for Multi-Server Architecture
Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. In NSS’10, Shao and Chin pointed out that Hsiang and Shih’s dynamic ID-based remote user authentication scheme for multi-server environment is vulnerable to server spoofing attack and fails to preserve user anonymity, and further proposed an improved version wh...
متن کاملCryptanalysis of Tan's Improvement on a Password Authentication Scheme for Multi-server Environments
Smart cards have been applied on password authentication in recent years. A user can input his/her identity and password to require services from the remote server. There are various attacks through an insecure network to obtain a user’s information. Therefore, many schemes are proposed to guarantee secure communication. However, a lot of schemes are not secure. Recently, Tan proposed an improv...
متن کاملCryptanalysis of Two Dynamic ID-Based Remote User Authentication Schemes for Preserving User Privacy
Remote user authentication is an essential part in electronic commerce to identify legitimate users over the Internet. However, how to protect user privacy in the authentication has become an important issue recently. Therefore, many secure authentication schemes with smart cards have been proposed. In this paper, we will analyze the security weaknesses of two recently proposed authentication s...
متن کاملSecurity Analysis of A Dynamic ID-based Remote User Authentication Scheme
Since 1981, when Lamport introduced the remote user authentication scheme using table, a plenty of schemes had been proposed with table and without table using. Recently Das, Saxena and Gulati have proposed A dynamic ID-based remote user authentication scheme. They claimed that their scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, and insider attacks and so...
متن کاملAn efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment
Recently, Li et al. analyzed Lee et al.’s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart card and offline dictionary attack, r...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011