Paper 2015/490

Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement

Sonam Devgan Kaul and Amit K. Awasthi

Abstract

In 2012, Wen and Li proposed a secure and robust dynamic identity based remote user authentication scheme with key agreement using smart cards. They claimed that their scheme is efficient and secure. But in this paper, we demonstrate that their scheme is completely insecure and vulnerable to various known attacks like offline and online password guessing attack, impersonation attack, server masquerading attack, denial of service attack and an insider attack. Also we point out that there are loopholes in password change phase and online secret renew phase which leads to the desynchronization between user and the server and even the legitimate user is rejected by the server. In addition, an adversary can easily generate the common session key of further transmission between user and the server. Thus the entire system collapses and authors claims are proven to be wrong and their scheme will not be secure and efficient for practical purpose.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
CryptanalysisRemote User AuthenticationKey AgreementHash function
Contact author(s)
sonamdevgan11 @ gmail com
History
2015-05-25: received
Short URL
https://ia.cr/2015/490
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/490,
      author = {Sonam Devgan Kaul and Amit K.  Awasthi},
      title = {Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement},
      howpublished = {Cryptology ePrint Archive, Paper 2015/490},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/490}},
      url = {https://eprint.iacr.org/2015/490}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.