Cryptanalysis and Improvement of Jiang et al.'s Smart Card Based Remote User Authentication Scheme

摘要

The smart card based authentication protocols try to ensure secure andauthorized communication between remote entities. In 2012, Wei et al. presentedan improvement of Wu et al.'s two-factor authentication scheme for TMIS whichis proven vulnerable to off-line password guessing attack by Zhu. Zhu alsoproposed a modified scheme to overcome with weakness of Wei et al.'s scheme,although Lee and Liu showed the failure of his scheme to resist parallelsession attacks. Moreover, Lee and Liu introduced an improved scheme. Weanalyze Wei et al.'s, Zhu's and Lee and Liu's schemes and identify that none ofthe schemes resist on-line password guessing attack. Moreover, these schemes donot present efficient login and password chance phase. We also show that howinefficient password change phase causes denial of service attack. Further, wepropose an improved password based remote user authentication scheme with theaim to eliminate all the drawbacks of previously presented schemes.