On the security of a dynamic identity-based remote user authentication scheme with verifiable password update

Yongchun Liu; Peng Gong; Xiaopeng Yan; Ping Li

doi:10.1002/dac.2708

On the security of a dynamic identity-based remote user authentication scheme with verifiable password update

Yongchun Liu, Peng Gong^*, Xiaopeng Yan, Ping Li

^*Corresponding author for this work

Beijing Institute of Technology

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

Recently, Chang et al. [Chang Y, Tai W, Chang H. Untraceable dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems 2013; doi:10.1002/dac.2552] proposed a dynamic identity-based remote user authentication scheme with verifiable password update. They also proved that their scheme could withstand various attacks. Unfortunately, by proposing concrete attacks, we show that their scheme is vulnerable to three kinds of attacks. We also point out that their scheme cannot provide untraceability. The analysis shows that the scheme of Chang et al. is not suitable for practical applications.

Original language	English
Pages (from-to)	842-847
Number of pages	6
Journal	International Journal of Communication Systems
Volume	28
Issue number	5
DOIs	https://doi.org/10.1002/dac.2708
Publication status	Published - 25 Mar 2015

Keywords

Authentication
Dynamic identity
Password
Privacy
Traceability

Access to Document

10.1002/dac.2708

Cite this

@article{f058ba2540314c96ba4726b7971525ba,

title = "On the security of a dynamic identity-based remote user authentication scheme with verifiable password update",

abstract = "Recently, Chang et al. [Chang Y, Tai W, Chang H. Untraceable dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems 2013; doi:10.1002/dac.2552] proposed a dynamic identity-based remote user authentication scheme with verifiable password update. They also proved that their scheme could withstand various attacks. Unfortunately, by proposing concrete attacks, we show that their scheme is vulnerable to three kinds of attacks. We also point out that their scheme cannot provide untraceability. The analysis shows that the scheme of Chang et al. is not suitable for practical applications.",

keywords = "Authentication, Dynamic identity, Password, Privacy, Traceability",

author = "Yongchun Liu and Peng Gong and Xiaopeng Yan and Ping Li",

note = "Publisher Copyright: Copyright {\textcopyright} 2013 John Wiley & Sons, Ltd.",

year = "2015",

month = mar,

day = "25",

doi = "10.1002/dac.2708",

language = "English",

volume = "28",

pages = "842--847",

journal = "International Journal of Communication Systems",

issn = "1074-5351",

publisher = "John Wiley and Sons Ltd",

number = "5",

}

TY - JOUR

T1 - On the security of a dynamic identity-based remote user authentication scheme with verifiable password update

AU - Liu, Yongchun

AU - Gong, Peng

AU - Yan, Xiaopeng

AU - Li, Ping

PY - 2015/3/25

Y1 - 2015/3/25

N2 - Recently, Chang et al. [Chang Y, Tai W, Chang H. Untraceable dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems 2013; doi:10.1002/dac.2552] proposed a dynamic identity-based remote user authentication scheme with verifiable password update. They also proved that their scheme could withstand various attacks. Unfortunately, by proposing concrete attacks, we show that their scheme is vulnerable to three kinds of attacks. We also point out that their scheme cannot provide untraceability. The analysis shows that the scheme of Chang et al. is not suitable for practical applications.

AB - Recently, Chang et al. [Chang Y, Tai W, Chang H. Untraceable dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems 2013; doi:10.1002/dac.2552] proposed a dynamic identity-based remote user authentication scheme with verifiable password update. They also proved that their scheme could withstand various attacks. Unfortunately, by proposing concrete attacks, we show that their scheme is vulnerable to three kinds of attacks. We also point out that their scheme cannot provide untraceability. The analysis shows that the scheme of Chang et al. is not suitable for practical applications.

KW - Authentication

KW - Dynamic identity

KW - Password

KW - Privacy

KW - Traceability

UR - http://www.scopus.com/inward/record.url?scp=84923215682&partnerID=8YFLogxK

U2 - 10.1002/dac.2708

DO - 10.1002/dac.2708

M3 - Article

AN - SCOPUS:84923215682

SN - 1074-5351

VL - 28

SP - 842

EP - 847

JO - International Journal of Communication Systems

JF - International Journal of Communication Systems

IS - 5

ER -

On the security of a dynamic identity-based remote user authentication scheme with verifiable password update

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this