Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update |
| |
| Authors: | Xiong Li Jianwei Niu Junguo Liao Wei Liang |
| |
| Affiliation: | 1. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, China;2. State Key Laboratory of Software Development Environment, Beihang University, Beijing, China |
| |
| Abstract: | In the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al. vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd. |
| |
| Keywords: | authentication dynamic identity cryptanalysis password privacy |
|
|
