Abstract
The design of secure remote user authentication schemes for mobile devices in Cloud Computing is still an open and quite challenging problem, though many such schemes have been published lately. Recently, Chen et al. pointed out that Yang and Chang’s ID-based authentication scheme based on elliptic curve cryptography (ECC) is vulnerable to various attacks, and then presented an improved password-based authentication scheme using ECC to overcome the drawbacks. Based on heuristic security analysis, Chen et al. claimed that their scheme is more secure and can withstand all related attacks. In this paper, however, we show that Chen et al.’s scheme cannot achieve the claimed security goals and report its flaws: (1) it is vulnerable to an offline password guessing attack; (2) it fails to preserve user anonymity; (3) it is prone to a key compromise impersonation attack; (4) it suffers from the clock synchronization problem. The cryptanalysis demonstrates that the scheme under study is unfit for practical use in a Cloud Computing environment.
References
Baldoni, R., Corsaro, A., Querzoni, L., Scipioni, S., Piergiovanni, S.: Coupling-based internal clock synchronization for large-scale dynamic distributed systems. IEEE Transactions on Parallel and Distributed Systems 21(5), 607–619 (2010)
Chang, C.C., Lee, C.Y.: A secure single sign-on mechanism for distributed computer networks. IEEE Transactions on Industrial Electronics 59(1), 629–637 (2012)
Chen, T., Yeh, H., Shih, W.: An advanced ECC dynamic ID-based remote mutual authentication scheme for cloud computing. In: Proceedings of the 2011 Fifth FTRA International Conference on Multimedia and Ubiquitous Engineering, pp. 155–159. IEEE Computer Society (2011)
Giridhar, A., Kumar, P.: Distributed clock synchronization over wireless networks: Algorithms and analysis. In: 2006 45th IEEE Conference on Decision and Control, pp. 4915–4920. IEEE (2006)
Gong, L.: A security risk of depending on synchronized clocks. ACM SIGOPS Operating Systems Review 26(1), 49–53 (1992)
Islam, S.H., Biswas, G.: A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software 84(11), 1892–1898 (2011)
Kasper, T., Oswald, D., Paar, C.: Side-Channel Analysis of Cryptographic RFIDs with Analog Demodulation. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 61–77. Springer, Heidelberg (2012)
Ma, C.-G., Wang, D., Zhang, Q.-M.: Cryptanalysis and Improvement of Sood et al.’s Dynamic ID-Based Authentication Scheme. In: Ramanujam, R., Ramaswamy, S. (eds.) ICDCIT 2012. LNCS, vol. 7154, pp. 141–152. Springer, Heidelberg (2012)
Mangard, S., Oswald, E., Standaert, F.X.: One for all-all for one: unifying standard differential power analysis attacks. IET Information Security 5(2), 100–110 (2011)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Wang, D., Ma, C.G.: On the security of an improved password authentication scheme based on ECC. Cryptology ePrint Archive, Report 2012/190 (2012), http://eprint.iacr.org/2012/190.pdf
Wang, D., Ma, C.-G., Wu, P.: Secure Password-Based Remote User Authentication Scheme with Non-tamper Resistant Smart Cards. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 114–121. Springer, Heidelberg (2012)
Xu, J., Zhu, W., Feng, D.: An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 31(4), 723–728 (2009)
Yang, G., Wong, D.S., Wang, H., Deng, X.: Formal Analysis and Systematic Construction of Two-Factor Authentication Scheme (Short Paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 82–91. Springer, Heidelberg (2006)
Yang, J., Chang, C.: An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers & Security 28(3-4), 138–143 (2009)
Yu, H., Powell, N., Stembridge, D., Yuan, X.: Cloud computing and security challenges. In: Proceedings of the 50th Annual Southeast Regional Conference, pp. 298–302. ACM (2012)
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, D., Mei, Y., Ma, Cg., Cui, Zs. (2012). Comments on an Advanced Dynamic ID-Based Authentication Scheme for Cloud Computing. In: Wang, F.L., Lei, J., Gong, Z., Luo, X. (eds) Web Information Systems and Mining. WISM 2012. Lecture Notes in Computer Science, vol 7529. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33469-6_34
DOI: https://doi.org/10.1007/978-3-642-33469-6_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33468-9
Online ISBN: 978-3-642-33469-6
eBook Packages: Computer Science (R0)