An efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment

摘要

Recently, Li et al. analyzed Lee et al.'s multi-server authentication schemeand proposed a novel smart card and dynamic ID based remote user authenticationscheme for multi-server environments. They claimed that their scheme can resistseveral kinds of attacks. However, through careful analysis, we find that Li etal.'s scheme is vulnerable to stolen smart card and offline dictionary attack,replay attack, impersonation attack and server spoofing attack. By analyzingother similar schemes, we find that the certain type of dynamic ID basedmulti-server authentication scheme in which only hash functions are used and noregistration center participates in the authentication and session keyagreement phase is hard to provide perfect efficient and secure authentication.To compensate for these shortcomings, we improve the recently proposed Liao etal.'s multi-server authentication scheme which is based on pairing andself-certified public keys, and propose a novel dynamic ID based remote userauthentication scheme for multi-server environments. Liao et al.'s scheme isfound vulnerable to offline dictionary attack and denial of service attack, andcannot provide user's anonymity and local password verification. However, ourproposed scheme overcomes the shortcomings of Liao et al.'s scheme. Securityand performance analyses show the proposed scheme is secure against variousattacks and has many excellent features.