Cryptanalysis of a Secure Dynamic Identity Based Authentication Protocol for Multi-server Architecture

The age of Internet of things gives rise to more challenges to various secure demands when designing the protocols, such as object identification and tracking, and privacy control. In many of the current protocols, a malicious server may cheat users as if it was a legal server, making it vital to verify the legality of both users and servers with the help of a trusted third-party, such as a registration center. Li et al. proposed an authentication protocol based on dynamic identity for multi-server environment, which is still susceptible to password-guessing attack, eavesdropping attack, masquerade attack, and insider attack etc. Besides, their protocol does not provide the anonymity of users, which is an essential request to protect users’ privacy. In this article, we present an improved authentication protocol, depending on the registration center in multi-server environments to remedy these security flaws. Different from the previous protocols, registration center in our proposed protocol is one of parties in authentication phase to verify the legality of the users and the servers, thus can effectively avoid the server spoofing attack. Our protocol only uses nonce, exclusive-OR operation, and one-way hash function in its implementation. Formal analysis has been performed using the Burrows–Abadi–Needham logic to show its security.

Download Full-text

Cryptanalysis of Dynamic Identity Based on a Remote User Authentication Scheme for a Multi-server Environment

Proceedings of the 2015 International Conference on Advances in Mechanical Engineering and Industrial Informatics ◽

10.2991/ameii-15.2015.181 ◽

2015 ◽

Cited By ~ 2

Author(s):

Chung-Huei Ling ◽

Wan-Yu Chao ◽

Shih-Ming Chen ◽

Min-Shiang Hwang

Keyword(s):

User Authentication ◽

Authentication Scheme ◽

Remote User Authentication ◽

Identity Based ◽

User Authentication Scheme ◽

Dynamic Identity ◽

Multi Server ◽

Remote User

Download Full-text

Cryptanalysis of a Secure Dynamic Identity Based Authentication Protocol for Multi-server Architecture

A secure dynamic identity based authentication protocol for multi-server architecture

Cryptanalysis of Sood et al.'s Dynamic Identity Based Authentication Protocol for Multi-Server Architecture

An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards

Cryptanalysis of two dynamic identity based authentication schemes for multi-server architecture

A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography

Dynamic Identity Based Authentication Protocol for Two-Server Architecture

A Robust Authentication Protocol for Multi-Server Architecture without Smart Cards

A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture

An improved authentication protocol–based dynamic identity for multi-server environments

Cryptanalysis of Dynamic Identity Based on a Remote User Authentication Scheme for a Multi-server Environment

Export Citation Format