Weaknesses of a dynamic ID-based remote user authentication scheme

Debiao He, Jianhua Chen, Rui Zhang
2010 International Journal of Electronic Security and Digital Forensics  
The security of a password authentication scheme using smart cards proposed by Khan et al. is analyzed. Four kinds of attacks are presented in different scenarios. The analyses show that the scheme is insecure for practical application.

$J_i^*$ equals $J_i$. But, in the registration phase, $J_i$ is not stored in the smart card. We think Khan et al. may have made a mistake when designing the registration phase and the password change phase. We demonstrate the drawbacks as follows.

$J_i$ is not stored in the smart card

If $J_i$ is not stored in the smart card, then step 2) of the password change phase in Khan et al.'s scheme must be canceled, and Khan et al.'s scheme is then vulnerable to the denial-of-service (DoS) attack. In password authentication, a DoS attack can cause a permanent authentication error by introducing unexpected data during the authentication procedures. The most vulnerable procedure is the password changing phase, since it usually refreshes the data in storage. If an
doi:10.1504/ijesdf.2010.038613 fatcat:uf2jjx3s2beefkcc6ydaf2nb7e