Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dheerendra Mishra

TL;DR
This paper critically examines Sun and Cao's remote authentication scheme, revealing vulnerabilities such as susceptibility to password guessing attacks and lack of forward secrecy, despite improvements over previous schemes.
Contribution
The paper provides a detailed cryptanalysis of Sun and Cao's scheme, identifying security flaws and limitations not previously addressed.
Findings
Sun and Cao's scheme is vulnerable to password guessing attacks.
The scheme does not provide forward secrecy.
It improves privacy and performance but has critical security flaws.
Abstract
Dynamic ID-based remote user authentication schemes ensure efficient and anonymous mutual authentication between entities. In 2013, Khan et al. proposed an improved dynamic ID-based authentication scheme to overcome the security flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that Khan et al.'s scheme does not satisfy its claim of user privacy and proposed an efficient authentication scheme with user anonymity. Sun and Cao's scheme improves on Khan et al.'s scheme in both privacy and performance. Unfortunately, we identify that Sun and Cao's scheme does not resist password guessing attacks. Additionally, Sun and Cao's scheme does not achieve forward secrecy.
Taxonomy
Topics: Advanced Authentication Protocols Security · User Authentication and Security Systems · Cryptography and Data Security
