Breaking a Remote User Authentication Scheme for Multi-Server Architecture
Xiang Cao, Non-Member, IEEE, and Sheng Zhong, Non-Member, IEEE
Abstract—
Lin et al. [1] proposed a remote user authentication scheme for multi-server architecture. In this paper, we breaks this scheme by giving an attack. Our attack allows an adversary to impersonate any user in the system, as long as a single
authentication message of that user is observed.
Index Terms—Authentication, cryptanalysis, security.
I. INTRODUCTION
REMOTE user authentication is very important for computer networks and distributed systems. In [1], Lin et al. presented a new remote authentication scheme for multiserver architecture. Their scheme is based on the ElGamal
digital signature scheme and geometric transformations on an Euclidean plane. They claimed that their scheme was highly secure against various types of attacks in a multi-server environment. Unfortunately, as we will point out in this paper, Lin et al.’s scheme is not secure. More precisely, we present, in Section 3, an attack that allows an adversary to impersonate any user, after a single authentication message from that user is observed. To make our presentation clear, we first review their authentication scheme in Section 2.
