Title: Weaknesses in a dynamic ID-based remote user authentication scheme for multi-server environment

Authors: Debiao He; Yin Huang

Addresses: School of Mathematics and Statistics, Wuhan University, Wuhan 430072, China ' Sumavision Technology Co. Ltd., Beijing 100085, China

Abstract: Due to the widespread applications of internet services, the study of accessing the resources of multi-server environment has received considerable attention, and many schemes are proposed successively. Very recently, Hsiang et al. proposed a dynamic ID-based remote user authentication scheme for multi-server environment. They claimed their scheme can resist various attacks. However, in this paper, we will show that Hsiang et al.'s scheme is vulnerable to the impersonation attack, the password guessing attack, the masquerading user attack and the masquerading server attack. The analysis shows that Hsiang et al.'s scheme is insecure for practical application.

Keywords: remote users; authentication; electronic security; cryptanalysis; smart cards; attacks; multi-server environments; user identification; impersonation attack; password guessing attack; masquerading user attack; masquerading server attack.

DOI: 10.1504/IJESDF.2012.045389

International Journal of Electronic Security and Digital Forensics, 2012 Vol.4 No.1, pp.43 - 53

Received: 16 Dec 2010
Accepted: 03 Oct 2011
Published online: 19 Nov 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article