Security Issues of Chen et al.'s Dynamic ID-based Authentication Scheme

被引：1

作者：

Khan, Muhammad Khurram ^{[1
]}

Kumari, Saru ^{[2
]}

Wang, Xiaomin ^{[3
]}

Kumar, Rahul ^{[4
]}

机构：

[1] King Saud Univ, Ctr Excellence Informat Assurance, Riyadh, Saudi Arabia

[2] Dr BRA Univ, Agra Coll, Dept Math, Agra, Uttar Pradesh, India

[3] Southwest Jiaotong Univ, Sch Informat Sci & Technol, Chengdu, Peoples R China

[4] DBS Coll, Dept Math, Kanpur, Uttar Pradesh, India

来源：

2014 IEEE 12TH INTERNATIONAL CONFERENCE ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING (DASC)/2014 IEEE 12TH INTERNATIONAL CONFERENCE ON EMBEDDED COMPUTING (EMBEDDEDCOM)/2014 IEEE 12TH INTERNATIONAL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING (PICOM) | 2014年

基金：

中国国家自然科学基金;

关键词：

authentication; mobile device loss attack; impersonation; password guessing; user anonymity; EFFICIENT; CRYPTANALYSIS; IMPROVEMENT;

D O I：

10.1109/DASC.2014.31

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Chen et al. proposed in 2012, a dynamic ID-based authentication scheme for Telecare Medical Information Systems. Chen et al. preferred simpler computations unlike previous schemes proposed for TMIS, so they designed a computational complexity-free protocol. But it entails many security concerns. Here we show that an adversary can cheat the lawful participants of the scheme, can compute the agreed upon session-key; which renders the communication between the participants as un-confidential. We further illustrate that in-spite of using dynamic identity during login phase their scheme does not provide user anonymity. We also demonstrate that their design invites password guessing attack, stolen verifier attack and has an incomplete password change phase.

引用

页码：125 / +

页数：3

共 50 条

[1] Cryptanalysis and Improvement of Sood et al.'s Dynamic ID-Based Authentication Scheme
Ma, Chun-Guang
Wang, Ding
Zhang, Qi-Ming
[J]. DISTRIBUTED COMPUTING AND INTERNET TECHNOLOGY, 2012, 7154 : 141 - 152
[2] On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity
Sun, Da-Zhi
Cao, Zhen-Fu
[J]. CRYPTOLOGIA, 2013, 37 (04) : 345 - 355
[3] Security enhancement for a dynamic ID-based remote user authentication scheme
Liao, IE
Lee, CC
Hwang, MS
[J]. International Conference on Next Generation Web Services Practices, 2005, : 437 - 440
[4] Attack on Libert et al.'s ID-Based Undeniable Signature Scheme
Li Zichen
Yan Yunsheng
Zhang Juanmei
[J]. CHINESE JOURNAL OF ELECTRONICS, 2008, 17 (04) : 748 - 750
[5] An attack on libert et al.'s ID-based undeniable signature scheme
Li, Zichen
Chong, C.F.
Hui, Lucas Chi-Kwong
Yiu, Siu-Ming
Chow, K.P.
Tsang, Wai-Wan
Chan, H.W.
Pun, Kelvin K. H
[J]. International Journal of Network Security, 2007, 5 (02) : 220 - 223
[6] Cryptanalysis on improved Chou et al.'s ID-based deniable authentication protocol
Lim, Meng-Hui
Lee, Sanggon
Lee, Hoonjae
[J]. ICISS 2008: INTERNATIONAL CONFERENCE ON INFORMATION SCIENCE AND SECURITY, PROCEEDINGS, 2008, : 87 - +
[7] Security on Dynamic ID-based Authentication Schemes
Zhai, Jingxuan
Cao, Tianjie
Chen, Xiuqing
Huang, Shi
[J]. INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2015, 9 (01): : 387 - 396
[8] Weakness in Jung et al.'s ID-based conference key distribution scheme
Nam, J
Kim, S
Won, D
[J]. IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2006, E89A (01) : 213 - 218
[9] On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems
Han-Yu Lin
[J]. Journal of Medical Systems, 2013, 37
[10] On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems
Lin, Han-Yu
[J]. JOURNAL OF MEDICAL SYSTEMS, 2013, 37 (02)

← 1 2 3 4 5 →