Paper Info
Title
Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'
Abstract
Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the authentication purpose. Recently, Wang et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. They claimed that their scheme preserves anonymity of user, has the features of strong password chosen by the server, and protected from several attacks. However, in this paper, we point out that Wang et al.'s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme: does not provide anonymity of a user during authentication, user has no choice in choosing his password, vulnerable to insider attack, no provision for revocation of lost or stolen smart card, and does provide session key agreement. To remedy these security flaws, we propose an enhanced authentication scheme, which covers all the identified weaknesses of Wang et al.'s scheme and is more secure and efficient for practical application environment.
Year
DOI
Venue
2011
10.1016/j.comcom.2010.02.011
Computer Communications
Keywords
Field
DocType
Authentication,Security,Smart card,Cryptanalysis,Password
Authentication,Computer security,Challenge–response authentication,Computer science,Computer network,Smart card,Data Authentication Algorithm,Authentication protocol,Access control,Password,Multi-factor authentication
Journal
Volume
Issue
ISSN
34
3
Computer Communications
Citations 
PageRank 
References 
115
3.17
24
Authors
3
Search Limit
100115
Name
Order
Citations
PageRank
Muhammad Khurram Khan13538204.81
Sookyun Kim21668.93
Khaled Alghathbar349832.54