Comments on ‘A Dynamic ID-Based Remote User Authentication Scheme’

This paper presents a cryptanalysis of ‘A Dynamic ID-Based Remote User Authentication Scheme’ proposed by Das et al. We identify that their work is susceptible to hacking and can be cryptanalyzed. We demonstrate that a hacker can generate a forged login message and bypass the authentication. We also indicate that Das et al.’s method provides only unilateral authentication: there is no mutual authentication between the user and the remote system. Their work is therefore vulnerable to the server spoofing attack. Furthermore, we identify that Das et al.’s scheme has practical loopholes and is infeasible for practical deployment.


I. INTRODUCTION
Remote authentication is a method of authenticating remote users over an insecure communication network. In 1981, Lamport was the first to present a remote user authentication technique using passwords [1]. Later, in 2000, Hwang and Li [2] identified that Lamport's work is exposed to hacking and to modification of the password database. Hwang and Li then came up with a novel remote user authentication scheme that does not use a password database. This work was based on the El-Gamal public key technique [3]. To improve on the previous works, many remote user authentication algorithms have been proposed in the literature.
Recently, Das et al. [16] presented a dynamic ID-based remote user authentication scheme. Their work is new and secure, because a dynamic identity for each transaction session can avoid the risk of ID theft. Their work uses one-way hash functions. In their work, users can freely choose and change passwords without any problems [16]. They claimed that their work is more secure against some well-known attacks, e.g. replay, forgery, guessing, insider, and stolen-verifier attacks. However, a number of researchers found that, contrary to these claims, their scheme is vulnerable to attacks and has some security loopholes.
Awasthi [17] first found that Das et al.'s work is insecure. Awasthi also found that Das et al.'s work lacks the basic needs of authentication theory. Afterwards, Chien and Chen [18] found that Das et al.'s scheme fails to protect the anonymity of remote users, and they then came up with an improved remote authentication technique that achieves user anonymity. Ku-Chang [19] also pointed out some vulnerabilities of Das
In this paper, we present further cryptanalysis of Das et al.'s scheme and point out that their scheme suffers from practical pitfalls. We also show that an adversary, or a legitimate user of the system himself, can easily forge a valid login message, so their scheme is vulnerable to the forgery attack. Furthermore, we discuss that Das et al.'s work provides only unilateral authentication. It is also susceptible to the server spoofing attack. We also show that their scheme is insecure, inefficient, and not feasible for a practical environment.

II. DESCRIPTION OF DAS ET AL.'S SCHEME
There are four phases in Das

A. Registration Phase
In the registration phase, user Ui chooses his password Pwi and submits it to the registration server. The remote system performs the following steps:
1. Calculates a nonce , where x is a secret key of the remote server.
2. Personalizes the smart card with the secure parameters h(.), Ni, and y, where y is the remote server's secret key stored in each registered smart card.
3. The remote system sends the smart card and password to the user over a secure channel.

B. Login Phase
In the login phase, the user inserts his smart card in the input device and keys in his password. The smart card performs the following operations: T is the current time stamp of the user.

C. Verification Phase
The remote system receives the message from the user and performs the following operations at time After receiving the forged message from Bob, the remote system validates the T'. If T' is valid, the remote system performs the following: 1. Computes

Remote system checks
Here, Cb holds true and the remote system accepts the login request from Bob, who is an adversary. This proves that Das et al.'s scheme logs in anybody who chooses a random password and uses an intercepted value of Ni. Thus their scheme is equivalent to a no-password scheme.
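The acceptance of Cb described above can be reproduced with a small model of the scheme. This is an added example, not code from this paper or from Das et al.; the formulas for Ni, CIDi, Bi and Ci are taken as an assumption from Das et al.'s published scheme [16] because they did not survive in this text, SHA-256 stands in for h(.), and all secrets and passwords are constructed.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    # SHA-256 stands in for the scheme's one-way hash h(.) (assumption).
    return hashlib.sha256(data).digest()

def xor(*parts: bytes) -> bytes:
    out = bytes(32)
    for p in parts:
        out = bytes(a ^ b for a, b in zip(out, p))
    return out

def ts(t: int) -> bytes:
    # Timestamp encoded to hash width so it can be XORed.
    return t.to_bytes(32, "big")

def register(pw: bytes, x: bytes) -> bytes:
    # Registration: Ni = h(PWi) XOR h(x); x is the server's secret key.
    return xor(h(pw), h(x))

def login(pw: bytes, n_i: bytes, y: bytes, t: int):
    # Smart-card side: builds (CIDi, Ni, Ci, T) from the typed password.
    cid = xor(h(pw), h(xor(n_i, y, ts(t))))
    b = h(xor(cid, h(pw)))
    c = h(xor(ts(t), n_i, b, y))
    return cid, n_i, c, t

def verify(msg, y: bytes, now: int, max_delay: int = 60) -> bool:
    # Server side. Note what is absent: x and any stored verifier.
    cid, n_i, c, t = msg
    if not 0 <= now - t <= max_delay:
        return False
    h_pw = xor(cid, h(xor(n_i, y, ts(t))))  # "recovers" whatever was typed
    b = h(xor(cid, h_pw))
    return hmac.compare_digest(c, h(xor(ts(t), n_i, b, y)))

def demo():
    x, y = os.urandom(32), os.urandom(32)   # constructed secrets
    n_i = register(b"registered-password", x)
    right = verify(login(b"registered-password", n_i, y, 1000), y, now=1005)
    wrong = verify(login(b"not-the-password", n_i, y, 2000), y, now=2005)
    stale = verify(login(b"registered-password", n_i, y, 1000), y, now=5000)
    return right, wrong, stale

if __name__ == "__main__":
    print(demo())
```

The wrong password is accepted exactly like the registered one, and only the stale timestamp is rejected, because verification derives h(PW) from the received message itself and never compares it with anything bound to x.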

B. Server Spoofing Attack
Das et al.'s scheme provides unilateral authentication, i.e. only client authentication, and the remote system is never authenticated. Thus, in their scheme there is no mutual authentication between the remote user and the remote system, which is vulnerable and insecure from the practical point of view. The user only sends the message and gets no acknowledgement that could establish the authenticity of the remote system. Hence, their scheme cannot withstand the server spoofing attack.

IV. COMMENTS ON PRACTICAL PITFALLS OF DAS ET AL.'S SCHEME
In this section, we discuss the weaknesses and pitfalls that make Das et al.'s scheme vulnerable and unsuitable for practical use.
1. In the registration phase of Das et al.'s system, the user submits only his password to the remote authentication server. In their scheme there is no user ID stored in the table to identify the user, which is important from the practical point of view. In practice, users may have the same passwords, but an ID is always unique and is used as a primary key in the table or database [20], e.g. a social security number or telephone number.
It is very important that every user has at least one static and unique identifier in the table, because users are given rights or privileges based on that unique identifier, which is associated only with that specific user. If users have no unique identifier, the system has no information about which user may access which of the facilities provided.
Moreover, if a user has to be deleted from the system or blacklisted in the system, then Das
3. Das et al. used the secret number of the remote system, i.e. y, which is stored in the smart card of each registered user. Unfortunately, this secret number y has no value in maintaining the system's security, because it is public to all registered users and is saved on the smart card without any encryption or transformation.
Here, we assume that there are thousands of registered users in the system who are using the same remote system secret number y. If, for some reason, the remote administration wants to change this secret number, it becomes a cumbersome job and is practically difficult to do. One solution is to replace the smart cards of all the registered users, which is an inefficient solution. Thus, this drawback also makes the Das

V. CONCLUSION
In this paper, we have presented a cryptanalysis of, and comments on, Das et al.'s scheme. We have demonstrated that their scheme is vulnerable to the forgery attack, and that an adversary can easily impersonate a user or pass the system authentication. In addition, we have pointed out that Das et al.'s scheme does not provide mutual authentication between the client and the remote system, so their scheme is susceptible to the server spoofing attack. Moreover, we have discussed some practical pitfalls that make Das et al.'s scheme insecure, inefficient, and infeasible for practical deployment.