Title: On the security of an authentication scheme for multi-server architecture

Authors: Debiao He; Jianhua Chen; Wenbo Shi; Muhammad Khurram Khan

Addresses: School of Mathematics and Statistics, Wuhan University, Wuhan, 430072, China; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China ' School of Mathematics and Statistics, Wuhan University, Wuhan, 430072, China ' Department of Electronic Engineering, Northeastern University at Qinhuangdao, Qinhuangdao, 066004, China ' Center of Excellence in Information Assurance, King Saud University, Riyadh, 11653, Kingdom of Saudi Arabia

Abstract: Recently, Pippal et al. proposed an authentication scheme for multi-server architecture and claimed that their scheme could withstand various attacks. In this paper, we will analyse the security of Pippal et al.'s scheme. After reviewing their scheme, we find that their scheme cannot withstand the server spoofing attack, the user impersonation attack, the offline password guessing attack and the privileged insider attack. The analysis shows their scheme is not secure for practical applications.

Keywords: authentication schemes; multi-server architectures; smart cards; security; server spoofing attacks; user impersonation attacks; offline password guessing attacks; privileged insider attacks.

DOI: 10.1504/IJESDF.2013.058669

International Journal of Electronic Security and Digital Forensics, 2013 Vol.5 No.3/4, pp.288 - 296

Received: 16 Jul 2013
Accepted: 28 Oct 2013

Published online: 13 Jan 2014 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article