Cryptology ePrint Archive: Report 2015/490

Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement

Sonam Devgan Kaul and Amit K. Awasthi

Abstract: In 2012, Wen and Li proposed a secure and robust dynamic identity based remote user authentication scheme with key agreement using smart cards. They claimed that their scheme is efficient and secure. But in this paper, we demonstrate that their scheme is completely insecure and vulnerable to various known attacks like offline and online password guessing attack, impersonation attack, server masquerading attack, denial of service attack and an insider attack. Also we point out that there are loopholes in password change phase and online secret renew phase which leads to the desynchronization between user and the server and even the legitimate user is rejected by the server. In addition, an adversary can easily generate the common session key of further transmission between user and the server. Thus the entire system collapses and authors claims are proven to be wrong and their scheme will not be secure and efficient for practical purpose.

Category / Keywords: cryptographic protocols / Cryptanalysis; Remote User Authentication; Key Agreement; Hash function

Date: received 22 May 2015

Contact author: sonamdevgan11 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150525:144700 (All versions of this report)

Short URL: ia.cr/2015/490

Discussion forum: Show discussion | Start new discussion