An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments

Recently, Li et al. proposed a novel smart card and dynamic ID-based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several types of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart c...

Descripción completa

Detalles Bibliográficos
Autores principales: Li, Shudong, Wu, Xiaobo, Zhao, Dawei, Li, Aiping, Tian, Zhihong, Yang, Xiaodong
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Public Library of Science 2018
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6177128/
https://www.ncbi.nlm.nih.gov/pubmed/30300362
http://dx.doi.org/10.1371/journal.pone.0202657
Descripción
Sumario:Recently, Li et al. proposed a novel smart card and dynamic ID-based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several types of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart card and off-line dictionary attacks, replay attacks, impersonation attacks and server spoofing attacks. By analyzing other similar schemes, we find that a certain type of dynamic ID-based multi-server authentication scheme in which only hash functions are used and whereby no registration center participates in the authentication and session key agreement phase faces difficulties in providing perfectly efficient and secure authentication. To compensate for these shortcomings, we propose a novel dynamic ID-based remote user authentication scheme for multi-server environments based on pairing and self-certified public keys. Security and performance analyses show that the proposed scheme is secure against various attacks and has many excellent features.

Ejemplares similares