An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments

Recently, Li et al. proposed a novel smart card and dynamic ID-based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several types of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart c...

Descripción completa

Detalles Bibliográficos
Autores principales: Li, Shudong, Wu, Xiaobo, Zhao, Dawei, Li, Aiping, Tian, Zhihong, Yang, Xiaodong
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Public Library of Science 2018
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6177128/
https://www.ncbi.nlm.nih.gov/pubmed/30300362
http://dx.doi.org/10.1371/journal.pone.0202657
_version_ 1783361813882077184
author Li, Shudong
Wu, Xiaobo
Zhao, Dawei
Li, Aiping
Tian, Zhihong
Yang, Xiaodong
author_facet Li, Shudong
Wu, Xiaobo
Zhao, Dawei
Li, Aiping
Tian, Zhihong
Yang, Xiaodong
author_sort Li, Shudong
collection PubMed
description Recently, Li et al. proposed a novel smart card and dynamic ID-based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several types of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart card and off-line dictionary attacks, replay attacks, impersonation attacks and server spoofing attacks. By analyzing other similar schemes, we find that a certain type of dynamic ID-based multi-server authentication scheme in which only hash functions are used and whereby no registration center participates in the authentication and session key agreement phase faces difficulties in providing perfectly efficient and secure authentication. To compensate for these shortcomings, we propose a novel dynamic ID-based remote user authentication scheme for multi-server environments based on pairing and self-certified public keys. Security and performance analyses show that the proposed scheme is secure against various attacks and has many excellent features.
format Online
Article
Text
id pubmed-6177128
institution National Center for Biotechnology Information
language English
publishDate 2018
publisher Public Library of Science
record_format MEDLINE/PubMed
spelling pubmed-61771282018-10-19 An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments Li, Shudong Wu, Xiaobo Zhao, Dawei Li, Aiping Tian, Zhihong Yang, Xiaodong PLoS One Research Article Recently, Li et al. proposed a novel smart card and dynamic ID-based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several types of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart card and off-line dictionary attacks, replay attacks, impersonation attacks and server spoofing attacks. By analyzing other similar schemes, we find that a certain type of dynamic ID-based multi-server authentication scheme in which only hash functions are used and whereby no registration center participates in the authentication and session key agreement phase faces difficulties in providing perfectly efficient and secure authentication. To compensate for these shortcomings, we propose a novel dynamic ID-based remote user authentication scheme for multi-server environments based on pairing and self-certified public keys. Security and performance analyses show that the proposed scheme is secure against various attacks and has many excellent features. Public Library of Science 2018-10-09 /pmc/articles/PMC6177128/ /pubmed/30300362 http://dx.doi.org/10.1371/journal.pone.0202657 Text en © 2018 Li et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
spellingShingle Research Article
Li, Shudong
Wu, Xiaobo
Zhao, Dawei
Li, Aiping
Tian, Zhihong
Yang, Xiaodong
An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments
title An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments
title_full An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments
title_fullStr An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments
title_full_unstemmed An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments
title_short An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments
title_sort efficient dynamic id-based remote user authentication scheme using self-certified public keys for multi-server environments
topic Research Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6177128/
https://www.ncbi.nlm.nih.gov/pubmed/30300362
http://dx.doi.org/10.1371/journal.pone.0202657
work_keys_str_mv AT lishudong anefficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT wuxiaobo anefficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT zhaodawei anefficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT liaiping anefficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT tianzhihong anefficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT yangxiaodong anefficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT lishudong efficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT wuxiaobo efficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT zhaodawei efficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT liaiping efficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT tianzhihong efficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments
AT yangxiaodong efficientdynamicidbasedremoteuserauthenticationschemeusingselfcertifiedpublickeysformultiserverenvironments

Ejemplares similares