Comments on ‘A Dynamic ID-Based Remote User Authentication Scheme’

The initial version of this paper was published in https://www.sciencedirect.com/science/article/abs/pii/S0920548906000122?via=ihub

Comments on ‘A Dynamic ID-Based Remote User Authentication Scheme’

The initial version of this paper was published in https://www.sciencedirect.com/science/article/abs/pii/S0920548906000122?via=ihub

Bi-Crypto: An Efficient System with Enhanced Security

A convenient two factor (2f) authentication is used in smart card password verification. Thus, the two factors are “dynamic ID-based” or “anonymous”. To preserve user privacy, a tamper resistant security feature used in smart cards. Reverse engineering and power analysis techniques were used to reveal some sensitive information from the smart card memory. The smart card verification is securely implemented in memory than in the database that can be easily attacked by any person. A day to day application such as e-banking, e-health and e-governance maintains password tables on server. During login process user identity is transmitted as clear over public networks. Various non-tamper resistant schemes on OTP put forward but claim to be ambitious in design process. Truly a 2f scheme can make sure that the user whoever possess a valid OTP and password can be authorized by the server.

Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity

Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows—Abadi—Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.