Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
This work highlights critical security vulnerabilities in an authentication scheme. The contribution is incremental, building on prior cryptanalysis in the field of dynamic ID-based remote user authentication.
The paper identifies that Sun and Cao's remote authentication scheme with user anonymity is vulnerable to password guessing attacks and fails to achieve forward secrecy, exposing security flaws in a scheme previously claimed to improve privacy and performance.
Dynamic ID-based remote user authentication schemes ensure efficient and anonymous mutual authentication between entities. In 2013, Khan et al. proposed an improved dynamic ID-based authentication scheme to overcome the security flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that Khan et al.'s scheme does not satisfy its claim of user privacy and proposed an efficient authentication scheme with user anonymity. Sun and Cao's scheme improves on Khan et al.'s scheme in both privacy and performance. Unfortunately, we identify that Sun and Cao's scheme does not resist password guessing attacks. Additionally, Sun and Cao's scheme does not achieve forward secrecy.