On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity

Da Zhi Sun; Zhen Fu Cao

doi:10.1080/01611194.2013.797039

On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity

Da Zhi Sun^*
, Zhen Fu Cao

^*Corresponding author for this work

Tianjin University

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

Very recently, Khan, Kim, and Alghathbar [6] proposed a dynamic ID-based remote user authentication scheme and claimed that their scheme can provide user anonymity. However, in this article, the authors demonstrate that either a malicious user or an adversary with a valid smart card can trace any user by eavesdropping on his normal authentication session over the public channel. Therefore, Khan et al.'s scheme fails to provide the privacy service as claimed. Hence, the authors present an improved scheme to overcome its flaw and examine the privacy of the improved scheme by using the smart card-based privacy model. In addition, the security and efficiency of the improved scheme are scrutinized. The conclusive result is that the design of the improved scheme is reasonable in not only both privacy and security aspects but also the performance aspect.

Original language	English
Pages (from-to)	345-355
Number of pages	11
Journal	Cryptologia
Volume	37
Issue number	4
DOIs	https://doi.org/10.1080/01611194.2013.797039
State	Published - Sep 2013
Externally published	Yes

Keywords

anonymity
authentication
cryptanalysis
network security
smart card

Access to Document

10.1080/01611194.2013.797039

Cite this

@article{7f1ed04a9b6a4072bee92bb48704fac9,

title = "On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity",

abstract = "Very recently, Khan, Kim, and Alghathbar [6] proposed a dynamic ID-based remote user authentication scheme and claimed that their scheme can provide user anonymity. However, in this article, the authors demonstrate that either a malicious user or an adversary with a valid smart card can trace any user by eavesdropping on his normal authentication session over the public channel. Therefore, Khan et al.'s scheme fails to provide the privacy service as claimed. Hence, the authors present an improved scheme to overcome its flaw and examine the privacy of the improved scheme by using the smart card-based privacy model. In addition, the security and efficiency of the improved scheme are scrutinized. The conclusive result is that the design of the improved scheme is reasonable in not only both privacy and security aspects but also the performance aspect.",

keywords = "anonymity, authentication, cryptanalysis, network security, smart card",

author = "Sun, \{Da Zhi\} and Cao, \{Zhen Fu\}",

year = "2013",

month = sep,

doi = "10.1080/01611194.2013.797039",

language = "英语",

volume = "37",

pages = "345--355",

journal = "Cryptologia",

issn = "0161-1194",

publisher = "Routledge",

number = "4",

}

TY - JOUR

T1 - On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity

AU - Sun, Da Zhi

AU - Cao, Zhen Fu

PY - 2013/9

Y1 - 2013/9

N2 - Very recently, Khan, Kim, and Alghathbar [6] proposed a dynamic ID-based remote user authentication scheme and claimed that their scheme can provide user anonymity. However, in this article, the authors demonstrate that either a malicious user or an adversary with a valid smart card can trace any user by eavesdropping on his normal authentication session over the public channel. Therefore, Khan et al.'s scheme fails to provide the privacy service as claimed. Hence, the authors present an improved scheme to overcome its flaw and examine the privacy of the improved scheme by using the smart card-based privacy model. In addition, the security and efficiency of the improved scheme are scrutinized. The conclusive result is that the design of the improved scheme is reasonable in not only both privacy and security aspects but also the performance aspect.

AB - Very recently, Khan, Kim, and Alghathbar [6] proposed a dynamic ID-based remote user authentication scheme and claimed that their scheme can provide user anonymity. However, in this article, the authors demonstrate that either a malicious user or an adversary with a valid smart card can trace any user by eavesdropping on his normal authentication session over the public channel. Therefore, Khan et al.'s scheme fails to provide the privacy service as claimed. Hence, the authors present an improved scheme to overcome its flaw and examine the privacy of the improved scheme by using the smart card-based privacy model. In addition, the security and efficiency of the improved scheme are scrutinized. The conclusive result is that the design of the improved scheme is reasonable in not only both privacy and security aspects but also the performance aspect.

KW - anonymity

KW - authentication

KW - cryptanalysis

KW - network security

KW - smart card

UR - https://www.scopus.com/pages/publications/84885068125

U2 - 10.1080/01611194.2013.797039

DO - 10.1080/01611194.2013.797039

M3 - 文章

AN - SCOPUS:84885068125

SN - 0161-1194

VL - 37

SP - 345

EP - 355

JO - Cryptologia

JF - Cryptologia

IS - 4

ER -

On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this