[Resource Topic] 2015/490: Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement

Welcome to the resource topic for 2015/490

Title:
Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement

Authors: Sonam Devgan Kaul, Amit K. Awasthi

Abstract:

In 2012, Wen and Li proposed a secure and robust dynamic identity based remote user authentication scheme with key agreement using smart cards. They claimed that their scheme is efficient and secure. But in this paper, we demonstrate that their scheme is completely insecure and vulnerable to various known attacks like offline and online password guessing attack, impersonation attack, server masquerading attack, denial of service attack and an insider attack. Also we point out that there are loopholes in password change phase and online secret renew phase which leads to the desynchronization between user and the server and even the legitimate user is rejected by the server. In addition, an adversary can easily generate the common session key of further transmission between user and the server. Thus the entire system collapses and authors claims are proven to be wrong and their scheme will not be secure and efficient for practical purpose.

ePrint: https://eprint.iacr.org/2015/490

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .