[Resource Topic] 2012/484: Cryptanalysis of Two Dynamic ID-based Remote User Authentication Schemes for Multi-Server Architecture

Resource Cryptographic protocols
#1

Welcome to the resource topic for 2012/484

Title:
Cryptanalysis of Two Dynamic ID-based Remote User Authentication Schemes for Multi-Server Architecture

Authors: Ding Wang, Chun-guang Ma, De-li Gu, Zhen-shan Cui

Abstract:

Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. In NSS’10, Shao and Chin showed that Hsiang and Shih’s dynamic ID-based remote user authentication scheme for multi-server environment is vulnerable to server spoofing attack and fails to preserve user anonymity, and further proposed an improved version which is claimed to be efficient and secure. In this study, however, we will demonstrate that, although Shao-Chin’s scheme possesses many attractive features, it still cannot achieve the claimed security goals, and we report its following flaws: (1) It cannot withstand offline password guessing attack under their non-tamper resistance assumption of the smart card; (2) It fails to provide user anonymity; (3) It is prone to user impersonation attack. More recently, Li et al. found that Sood et al.'s dynamic ID-based authentication protocol for multi-server architecture is still vulnerable to several kinds of attacks and presented a new scheme that attempts to overcome the identified weaknesses. Notwithstanding their intentions, Li et al.'s scheme is still found vulnerable to various known attacks by researchers. In this study, we perform a further cryptanalysis and uncover its two other vulnerabilities: (1) It cannot achieve user anonymity, the essential goal of a dynamic ID-based scheme; (2) It is susceptible to offline password guessing attack. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.

ePrint: https://eprint.iacr.org/2012/484

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .