Premium
Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update
Author(s) -
Li Xiong,
Niu Jianwei,
Liao Junguo,
Liang Wei
Publication year - 2013
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.2676
Subject(s) - computer science , password , computer security , verifiable secret sharing , cryptanalysis , password cracking , one time password , scheme (mathematics) , authentication (law) , smart card , identity (music) , s/key , password strength , computer network , cryptography , mathematical analysis , programming language , physics , mathematics , set (abstract data type) , acoustics
SUMMARY In the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al . proposed an untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al . vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.