Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards

Wei-Chi KU  Shen-Tien CHANG  

IEICE TRANSACTIONS on Communications   Vol.E88-B   No.5   pp.2165-2167
Publication Date: 2005/05/01
Online ISSN: 
DOI: 10.1093/ietcom/e88-b.5.2165
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories for Communications
dynamic ID,  impersonation attack,  password authentication,  reparability,  smart card,  

Full Text: PDF(56.6KB)>>
Buy this Article

Recently, Das et al. proposed a dynamic ID-based verifier-free password authentication scheme using smart cards. To resist the ID-theft attack, the user's login ID is dynamically generated and one-time used. Herein, we demonstrate that Das et al.'s scheme is vulnerable to an impersonation attack, in which the adversary can easily impersonate any user to login the server at any time. Furthermore, we also show several minor weaknesses of Das et al.'s scheme.