WEAKNESSES AND IMPROVEMENT OF HSU-CHUANG’S USER IDENTIFICATION SCHEME

Abstract

In 2004, Yang et al. proposed an efficient user identification scheme with key distribution. The scheme provides user anonymity, so it is possible for the user to anonymously login the remote server. Unfortunately, Mangipudi and Katti found that Yang et al.’s scheme suffers from a Denial-of-Service (DoS) attack and then proposed an improvement of Yang et al.’s scheme. However, Hsu and Chuang demonstrated that Mangipudi-Katti’s scheme is vulnerable to an identity disclosure attack, and further proposed a novel user identification scheme with key distribution preserving user anonymity for distributed computer networks. They claimed that their scheme can achieve the following advantages: (1) user anonymity, (2) key distribution, (3) mutual authentication, and (4) key confirm. In this study, the author shows that Hsu-Chuang’s scheme is vulnerable to three impersonation attacks. Then, the improvement of Hsu-Chuang’s scheme is proposed.