Cryptanalysis of three dynamic ID-based remote user authentication schemes using smart cards

Abstract

Remote user authentication is a mechanism in which the remote server verifies the legitimacy of a user over an open and insecure communication channel. Password authentication using a smart card has been one of the commonly adopted methods to protect the password during transmission. Recently, many researchers have proposed a series of dynamic ID-based remote user authentication schemes with the feature that the user's identity is changed in every transaction session. In this paper, we introduce three recent proposed authentication schemes using smart cards, and point out some weaknesses in these schemes such as smart card forge attacks, impersonation attack, message forge attack, replay attack and resembling account attack, etc. Furthermore, some advanced topics about dynamic ID-based authentication scheme are discussed and demonstrated which is useful for the authentication scheme designers.