Skip to Main Content
In 2004, Zhu and Ma proposed a new and efficient authentication scheme claiming to provide anonymity for wireless environments. Two years later, Lee et al. revealed several previously unpublished flaws in Zhu-Ma's authentication scheme and proposed a fix. More recently in 2008, Wu et al. pointed out that Lee et al.'s proposed fix fails to preserve anonymity as claimed and then proposed yet another fix to address the problem. In this paper, we use Wu et al.'s scheme as a case study and demonstrate that due to an inherent design flaw in Zhu-Ma's scheme, the latter and its successors are unlikely to provide anonymity. We hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs.