Abstract

Recently, Li et al. proposed a novel smart card and dynamic ID-based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several types of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart card and off-line dictionary attacks, replay attacks, impersonation attacks and server spoofing attacks. By analyzing other similar schemes, we find that a certain type of dynamic ID-based multi-server authentication scheme in which only hash functions are used and whereby no registration center participates in the authentication and session key agreement phase faces difficulties in providing perfectly efficient and secure authentication. To compensate for these shortcomings, we propose a novel dynamic ID-based remote user authentication scheme for multi-server environments based on pairing and self-certified public keys. Security and performance analyses show that the proposed scheme is secure against various attacks and has many excellent features.

Highlights

  • With the rapid development of network technologies, increasingly more people are beginning to use networks to acquire various services such as on-line financial information, on-line medical information, on-line shopping, on-line bill payment, and on-line documentation and data exchange.

  • We analyze a novel multi-server authentication scheme, Li et al.’s scheme [20], which is based only on hash functions and whose authentication does not depend on a registration center (RC). We find that this scheme is vulnerable to stolen smart card and offline dictionary attacks, replay attacks, impersonation attacks and server spoofing attacks.

  • Besides Li et al.’s scheme, we analyzed four other dynamic ID-based authentication schemes for multi-server environments [15, 17, 18, 19]. These schemes are all based on hash functions and are not dependent on RCs. We found that this type of multi-server remote user authentication scheme is generally vulnerable to stolen smart card and offline dictionary attacks, impersonation attacks, server spoofing attacks, etc.


Summary

Introduction

With the rapid development of network technologies, increasingly more people are beginning to use networks to acquire various services such as on-line financial information, on-line medical information, on-line shopping, on-line bill payment, and on-line documentation and data exchange. Conventional password-based authentication methods are not suitable for multi-server environments, since each user needs to log into various remote servers repeatedly and remember many different sets of identities and passwords if he/she wants to access these service provider servers. To resolve this problem, in 2000, based on the difficulty of factorization and hash functions, Lee and Chang [10] proposed a user identification and key distribution scheme that can be applied to multi-server environments. By analyzing other similar schemes [15, 17, 18, 19], we find that the type of dynamic ID-based multi-server authentication scheme that uses only hash functions and does not depend on RCs faces difficulties in providing perfectly efficient and secure authentication. To compensate for these shortcomings, we propose a novel dynamic ID-based remote user authentication scheme for multi-server environments. The performance and cost analyses show that our scheme is very efficient and more secure than other related schemes.
