Cryptanalysis of Two Dynamic Identity Based Authentication Schemes for Multi-Server Architecture  

作　　者：WAN Tao JIANG Nan MA Jianfeng 

机构地区：[1]School of Computer, Xidian University, Xi'an 710071, P. R. China [2]School of Information Engineer, East China Jiaotong University, Nanchang 330013, P. R. China

出　　处：《China Communications》2014年第11期125-134,共10页中国通信（英文版）

基　　金：supported by the Key Program of NSFC-Guangdong Union Foundation under Grant No.U1135002;Young Foundation of Humanities and Social Sciences of MOE (Ministry of Education in China) of under Grant No.11YJCZH160;Foundation for Young Scientists of Jiangxi Province of China under Grant No.20133BCB23016

摘　　要：Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.＇s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user＇s anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.＇s scheme shows that Lee et al＇s protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.＇s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.＇s improved protocol is susceptible to collusion attack.Since network services are provided cooperatively by multiple servers in the Internet,the authentication protocols for multiserver architecture are required by Internetbased services,such as online game,online trade and so on.Recently,Li et al.analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture.They claimed that their protocol provides user's anonymity,mutual authentication and the session key agreement against several kinds of attacks.In this paper,a cryptanalysis on Lee et al.'s scheme shows that Lee et al.'s protocol is also vulnerable to malicious server attack,stolen smart card attack and leak-of-verifier attack.Moreover,Li et al.'s improved protocol is also vulnerable to all these attacks.Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.

关 键 词：AUTHENTICATION MULTI-SERVER smart card ANONYMITY Dynamic ID 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构] TP393[自动化与计算机技术—计算机科学与技术]