A more efficient and secure dynamic ID-based remote user authentication scheme

“…Unfortunately, we find that Wang et al's scheme [12] is still vulnerable to impersonation attacks. Accordingly, this letter demonstrates that Wang et al's scheme is vulnerable to impersonation attacks, in which an attacker can easily impersonate any legal user.…”

“…We briefly recall Wang et al's scheme in [12]. The notations used in the scheme are shown as follows:…”

“…Quite recently, Wang et al [12] proposed an efficient and secure dynamic ID-based remote user authentication scheme based on the one-way secure hash function. Wang et al claimed that their scheme has the following merits: 1) it allows users to change and choose passwords freely; 2) server does not maintain any verifier tables because it uses a smartcard to store a secret key; 3) it provides mutual authentication between user and remote server; 4) it overcomes the fatal drawback that user's authentication is independent of the password; 5) it is secure to against ID-theft [9]- [11], replay attacks and insider attacks, etc.…”

“…Password-based authentication scheme is the most common method to check the validity of the login message and authenticate the user. Recently, many authentication schemes [1]- [12] have been proposed to improve the security and practicability of authentication.…”

On the Security of an Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme

“…Unfortunately, we find that Wang et al's scheme [12] is still vulnerable to impersonation attacks. Accordingly, this letter demonstrates that Wang et al's scheme is vulnerable to impersonation attacks, in which an attacker can easily impersonate any legal user.…”

“…We briefly recall Wang et al's scheme in [12]. The notations used in the scheme are shown as follows:…”

“…Quite recently, Wang et al [12] proposed an efficient and secure dynamic ID-based remote user authentication scheme based on the one-way secure hash function. Wang et al claimed that their scheme has the following merits: 1) it allows users to change and choose passwords freely; 2) server does not maintain any verifier tables because it uses a smartcard to store a secret key; 3) it provides mutual authentication between user and remote server; 4) it overcomes the fatal drawback that user's authentication is independent of the password; 5) it is secure to against ID-theft [9]- [11], replay attacks and insider attacks, etc.…”

“…Password-based authentication scheme is the most common method to check the validity of the login message and authenticate the user. Recently, many authentication schemes [1]- [12] have been proposed to improve the security and practicability of authentication.…”

On the Security of an Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme

“…In their scheme, no table is maintained to verify users. However, Wang et al [12] later showed that Das' scheme does not provide two-way authentication resulting in server impersonation attack. They also show that, in case of smart card theft, the attacker can choose any random password to impersonate the user.…”

Cryptanalysis and Improvement of a Two-Factor User Authentication Scheme Providing Mutual Authentication and Key Agreement over Insecure Channels

Protecting Patient Data with 2F‐ Authentication