Cryptanalysis and Efficient Dynamic ID Based Remote User Authentication Scheme in Multi-server Environment Using Smart Card

10.6633/IJNS.201601.18(1).19

Ruhul Amin

Authentication ； dynamic ID ； multi-server

International Journal of Network Security

18卷1期（2016 / 01 / 01）

172 - 181

英文

Resembling the single server environment, if the multi- server environment using smart card provides the users to access the different servers after registering once with the registration center and uses the same password and identity for all the service provider's servers, then security would be the matter of great concern. So, remote user authentication scheme becomes necessary to provide a better security. In this regard, many dynamic ID-based remote user authentication schemes in multi-server environment using smart card have been proposed in the literature. In 2012, Sood proposed Dynamic Identity Based Authentication Protocol for Two-Server Architecture and claimed that his scheme is more efficient in terms of security. But it is pointed out that Sood's scheme is insecure against o®-line identity guessing attack, off-line password guessing attack, privileged insider attack, user impersonation attack, session key recovery attack and many logged in users' attack. In 2012, Li et al.'s proposed a scheme for providing better performance than Sood's scheme. But unfortunately Li et al.'s scheme also is insecure against off-line identity guessing attack, off-line password guessing attack, user impersonation attack and many logged in users' attack. To overcome the above mention attacks for both the schemes and related attacks on remote user authentication like (identity and password guessing attack, user impersonation attack, server masquerading attack, insider attack, session key discloser attack, smart card stolen attack, replay attack, many logged in users' attack and stolen verifier attack etc.), we proposed an efficient dynamic ID-Based remote user authentication scheme in multi-server environment using smart card. After performance analysis, the proposed scheme has lower computation complexity, better communication cost and higher security that makes the authentication system more secure and efficient than both Sood's and Li et al.'s schemes published earlier.