Comment on A dynamic ID-based Remote User Authentication Scheme
Amit K Awasthi
TL;DR
This paper critically examines Das et al.'s dynamic ID-based remote user authentication scheme, revealing significant security flaws that compromise its claimed protections, effectively rendering it insecure for practical use.
Contribution
The paper provides a security analysis demonstrating that Das et al.'s scheme is fundamentally insecure, challenging its purported resistance to various attacks.
Findings
Das et al.'s scheme is completely insecure
Using this scheme is equivalent to open server access without password
The scheme fails to resist common attack vectors
Abstract
Since 1981, when Lamport introduced the remote user authentication scheme using table, a plenty of schemes had been proposed with tables or without table using. Recently Das et al. proposed a dynamic id-based remote user authentication scheme. They claimed that their scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, insider attacks an so on. In this paper we show that Das et al's scheme is completly insecure and using of this scheme is like an open server access without password.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Authentication Protocols Security · User Authentication and Security Systems · Cryptography and Data Security