oalib
Search Results: 1 - 10 of 100 matches for " "
All listed articles are free for downloading (OA Articles)
Page 1 /100
Display every page Item
Cryptanalysis of A Secure Remote User Authentication Scheme Using Smart Cards  [PDF]
Tanmoy Maitra
Computer Science , 2015,
Abstract: Smart card based authentication schemes are used in various fields like e-banking, e-commerce, wireless sensor networks, medical system and so on to authenticate the both remote user and the application server during the communication via internet. Recently, Karuppiah and Saravanan proposed an authentication scheme which is based on password and one-way cryptographic hash function. They have used a secure identity mechanism i.e., users' and server's identity are not public. Thus, the user and the server do not send their identity directly to each other during communications. In this paper, we have found out that their scheme does not overcome the reply attack and also there is a fault in the login phase, which makes their scheme is not perfect for practical use.
Advanced Secure Dynamic-ID Based Remote User Authentication Scheme
chandra sekhar vorugunti
Journal of Global Research in Computer Science , 2012,
Abstract: With large scale deployment of E-Commerce applications, security of data over insecure communication channels becomes crucial challenge. To ensure authenticity of a remote user to access server resources, smart card based remote user authentication schemes have been widely adopted. In 2004, Das et al [9] proposed first of its kind of protocol for remote user authentication with smart cards using Dynamic Id to protect user anonymity. Various researchers like Awasthi and lal[4] had pointed various issues in Das et al scheme. They had shown that Das et al scheme is completely insecure and it is equivalent to open server access without password. In 2006 Bindu et al[13] claimed that Das et al scheme doesn’t provides mutual authentication and various other issues. Bindu et al proposed an improved scheme which overcomes the weaknesses of Das et al scheme and achieves mutual authentication. In this paper we will show that Bindu et al scheme cannot achieve Mutual authentication under their assumption. In addition their scheme is vulnerable to user-impersonation attack, server-masquerading attack, Man in the Middle attack, password guessing attack, DoS attack, Revealing of server secret information to users and fails to preserve user anonymity which is most important requirement for E-Commerce applications. We then present our improved scheme to overcome the vulnerabilities stated in Bindu et al scheme while preserving all the merits of their scheme.
Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme with Session Key Agreement for Multi-Server Environment  [PDF]
Rafael Martínez-Peláez,Francisco Rico-Novella,Cristina Satizábal,Jacek Pomyka?a
International Journal of Network Security & Its Applications , 2010,
Abstract: In 2007, Liao-Wang proposed a dynamic ID-based remote user authentication scheme for multi-serverenvironment using smart cards. However, Hsiang-Shih demonstrated that Liao-Wang’s scheme hassecurity flaws. Moreover, Hsiang-Shih proposed an improvement scheme which resolves the securityflaws of Liao-Wang scheme. In this paper, we propose an enhanced remote user authentication schemewhich maintains the merits of Hsiang-Shih’s scheme. Performance evaluation demonstrated the efficiencyof the proposed scheme over related works. Security analysis proved that the proposed scheme is secureagainst known attacks.
A Dynamic ID-based Remote User Authentication Scheme  [PDF]
Manik Lal Das,Ashutosh Saxena,Ved P. Gulati
Computer Science , 2007,
Abstract: Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.
Comment on A dynamic ID-based Remote User Authentication Scheme  [PDF]
Amit K Awasthi
Computer Science , 2004,
Abstract: Since 1981, when Lamport introduced the remote user authentication scheme using table, a plenty of schemes had been proposed with tables or without table using. Recently Das et al. proposed a dynamic id-based remote user authentication scheme. They claimed that their scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, insider attacks an so on. In this paper we show that Das et al's scheme is completly insecure and using of this scheme is like an open server access without password.
Advanced Secure Remote User Authentication Scheme Preserving User Anonymity  [cached]
chandra sekhar vorugunti,Mrudula Sarvabhatla
Journal of Global Research in Computer Science , 2012,
Abstract: To ensure secure transmission of data and to authenticate remote user while accessing server resources, smart card based remote user authentication schemes have been widely adopted. In 2004, Das et al proposed first of its kind of protocol for remote user authentication with smart cards using Dynamic Id to protect user anonymity. In 2005, Chien et al pointed out that Das et al scheme failed to preserve user anonymity and the scheme is equivalent to open access without any password and proposed a new scheme to remedy of Das et al. In 2008 Bindu et al pointed out that Chien et al scheme is insecure against Insider attack and Man in the Middle attack and proposed a new scheme to remedy of Chien et al. In this paper we will show that Bindu et al scheme cannot preserve user anonymity under their assumption. In addition their scheme is vulnerable to user-impersonation attack, server-masquerading attack, Man in the Middle attack, stolen smart card attack, password guessing attack, replay attack, fails to achieve mutual authentication and perfect forward secrecy (PFS). We then present our improved scheme to overcome the vulnerabilities stated in Bindu et al’s scheme while preserving all the merits of their scheme.
An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme  [PDF]
Juan Qu,Li-min Zou
Journal of Electrical and Computer Engineering , 2013, DOI: 10.1155/2013/786587
Abstract: In recent years, several dynamic ID-based remote user authentication schemes have been proposed. In 2012, Wen and Li proposed a dynamic ID-based remote user authentication with key agreement scheme. They claimed that their scheme can resist impersonation attack and insider attack and provide anonymity for the users. However, we will show that Wen and Li's scheme cannot withstand insider attack and forward secrecy, does not provide anonymity for the users, and inefficiency for error password login. In this paper, we propose a novel ECC-based remote user authentication scheme which is immune to various known types of attack and is more secure and practical for mobile clients. 1. Introduction Smart card authentication is that the most commonly used authentication method that legal users can access the resources provided by remote servers. Due to its simplicity and convenience, it is used in many areas such as E-banks or remote host login. Over the past few years, considerable authentication protocols [1–7] have been proposed. However, most of these schemes are based on static ID and have some flaws such as server spoofing attack, insider attack, and impersonation attack. Based on previous research, an ideal password authentication scheme should achieve the following goals. First, the server should not maintain any verifier table and the user can choose and change his/her password freely. Second, the remote user authentication scheme should meet all the security requirements and achieve all the goals. Third, the remote user authentication scheme has low communication and computation cost. In 2004, Das et al. [8] presented a dynamic ID-based remote user authentication scheme using smart cards. They pointed out that their scheme does not maintain any verifier table and can resist the replay attack, forgery attacks, guessing attacks, and insider attacks. However, in 2009, Wang et al. [9] pointed out that Das et al.’s scheme does not achieve mutual authentication and could not resist impersonation attack. Then, Wang et al. proposed an enhanced password authentication scheme which keeps the merits of Das et al.’s scheme. After that, Tsai et al. [10] showed that Wang et al.’s scheme cannot achieve user anonymity since both and its dynamic are presented in the login message. In the following, Tsai et al. demonstrate that Wang et al.’s scheme is also vulnerable to the impersonation attack. In the same year, Yeh et al. [11] showed that Wang et al.’s scheme is insecure against replay attack, user impersonation attack, server counterfeit attack, man-in-the-middle
Weaknesses of a Dynamic ID Based Remote User Authentication Protocol for Multi-Server Environment  [PDF]
R. Madhusudhan, Adireddi Praveen
Journal of Computer and Communications (JCC) , 2014, DOI: 10.4236/jcc.2014.24026
Abstract:

Currently, smart card based remote user authentication schemes have been widely adopted due to their low cost and convenient portability. With the purpose of using various different internet services with single registration and to protect the users from being tracked, various dynamic ID based multi-server authentication protocols have been proposed. Recently, Li et al. proposed an efficient and secure dynamic ID based authentication protocol using smart cards. They claimed that their protocol provides strong security. In this paper, we have demonstrated that Li et al.’s protocol is vulnerable to replay attack, denial of service attack, smart card lost attack, eavesdropping attack and server spoofing attacks.

Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity  [PDF]
Dheerendra Mishra
Computer Science , 2013,
Abstract: Dynamic ID-based remote user authentication schemes ensure efficient and anonymous mutual authentication between entities. In 2013, Khan et al. proposed an improved dynamic ID-based authentication scheme to overcome the security flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that Khan et al. does not satisfies the claim of the user's privacy and proposed an efficient authentication scheme with user anonymity. The Sun and Cao's scheme achieve improvement over Khan et al.'s scheme in both privacy and performance point of view. Unfortunately, we identify that Sun and Cao's scheme does not resist password guessing attack. Additionally, Sun and Cao's scheme does not achieve forward secrecy.
An efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment  [PDF]
Dawei Zhao,Haipeng Peng,Shudong Li,Yixian Yang
Computer Science , 2013,
Abstract: Recently, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.'s scheme is vulnerable to stolen smart card and offline dictionary attack, replay attack, impersonation attack and server spoofing attack. By analyzing other similar schemes, we find that the certain type of dynamic ID based multi-server authentication scheme in which only hash functions are used and no registration center participates in the authentication and session key agreement phase is hard to provide perfect efficient and secure authentication. To compensate for these shortcomings, we improve the recently proposed Liao et al.'s multi-server authentication scheme which is based on pairing and self-certified public keys, and propose a novel dynamic ID based remote user authentication scheme for multi-server environments. Liao et al.'s scheme is found vulnerable to offline dictionary attack and denial of service attack, and cannot provide user's anonymity and local password verification. However, our proposed scheme overcomes the shortcomings of Liao et al.'s scheme. Security and performance analyses show the proposed scheme is secure against various attacks and has many excellent features.
Page 1 /100
Display every page Item


Home
Copyright © 2008-2017 Open Access Library. All rights reserved.