Security weaknesses of dynamic ID-based remote user authentication protocol

Hyoungseob Lee, Donghyun Choi, Yunho Lee, Dongho Won, Seung-Joo Kim

Research output: Contribution to journalArticle

10 Citations (Scopus)

Abstract

Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.'s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.'s protocol.

Original languageEnglish
Pages (from-to)190-193
Number of pages4
JournalWorld Academy of Science, Engineering and Technology
Volume59
Publication statusPublished - 2009 Nov 1
Externally publishedYes

Fingerprint

Authentication
Smart cards

Keywords

  • Impersonation attack
  • Message alteration attack

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Security weaknesses of dynamic ID-based remote user authentication protocol. / Lee, Hyoungseob; Choi, Donghyun; Lee, Yunho; Won, Dongho; Kim, Seung-Joo.

In: World Academy of Science, Engineering and Technology, Vol. 59, 01.11.2009, p. 190-193.

Research output: Contribution to journalArticle

Lee, Hyoungseob ; Choi, Donghyun ; Lee, Yunho ; Won, Dongho ; Kim, Seung-Joo. / Security weaknesses of dynamic ID-based remote user authentication protocol. In: World Academy of Science, Engineering and Technology. 2009 ; Vol. 59. pp. 190-193.
@article{33f8c18a02cb41c38a739cc2f925319a,
title = "Security weaknesses of dynamic ID-based remote user authentication protocol",
abstract = "Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.'s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.'s protocol.",
keywords = "Impersonation attack, Message alteration attack",
author = "Hyoungseob Lee and Donghyun Choi and Yunho Lee and Dongho Won and Seung-Joo Kim",
year = "2009",
month = "11",
day = "1",
language = "English",
volume = "59",
pages = "190--193",
journal = "World Academy of Science, Engineering and Technology",
issn = "2010-376X",
publisher = "World Academy of Science Engineering and Technology",

}

TY - JOUR

T1 - Security weaknesses of dynamic ID-based remote user authentication protocol

AU - Lee, Hyoungseob

AU - Choi, Donghyun

AU - Lee, Yunho

AU - Won, Dongho

AU - Kim, Seung-Joo

PY - 2009/11/1

Y1 - 2009/11/1

N2 - Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.'s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.'s protocol.

AB - Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.'s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.'s protocol.

KW - Impersonation attack

KW - Message alteration attack

UR - http://www.scopus.com/inward/record.url?scp=78651563219&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78651563219&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:78651563219

VL - 59

SP - 190

EP - 193

JO - World Academy of Science, Engineering and Technology

JF - World Academy of Science, Engineering and Technology

SN - 2010-376X

ER -