Abstract

Sood, Sarje, and Singh recently proposed a secure dynamic identity-based (ID-based) authentication protocol for multi-server architectures using smart cards, in which they reveal security weaknesses of Hsiang and Shih’s dynamic identity-based remote user authentication scheme. Sood et al. claim that their proposed scheme protects against various attacks, such as replay, malicious user, stolen smart card, and offline dictionary attacks. However, we found that their protocol has no defense mechanism against denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks such as resource exhaustion attacks, which severely affect cascade-style authentication schemes. We also found that the protocol is susceptible to smart card vulnerabilities such as power analysis attacks by privileged insiders. In addition, if an attacker has knowledge of both the verification tables and the master secret of the control server, the client verification tables and the service provider server database are susceptible to verifier disclosure and offline dictionary attacks. In this paper, we demonstrate in detail that Sood et al.’s protocol is insecure and suffers from the aforementioned potential security vulnerabilities.
