Attacks to Li et al.'s Billing Service User Authentication Scheme

This paper is intended to explore the weakness of Li et al.'s billing service user authentication scheme. The users of this authentication scheme are required to compute a series of session keys and use different session key in different session to strengthen the robustness of this scheme. They are not only difficult to remember but also can be figured out by attacks, making authentication function useless. In addition, the system may cause denial of service because synchronization could not always be guaranteed. We illustrate all possible attacks against this system that may be realized, and give an analysis of its weakness.