An enhanced anonymous remote user authentication scheme using smart card in insecure communication channel

Abstract

To prove the legitimacy among the users and to ensure the secure communication over the insecure network the remote user authentication using smart card and password is one of the simplest and efficient mechanisms. In this context, Kumari et al. proposed an improved remote user authentication scheme and claimed, their scheme is more user friendly, can resist various possible attacks at very low cost than existing ones. Unfortunately, during our research we have found this is not the case, their scheme cannot sustain against all those attacks for which the scheme was meant. In this paper, we have pointed out that their scheme not only can suffer from user anonymity problem but also fails to resist against offline password guessing attack, server masquerading attack and can create the risk of session key agreement too. Then, while retaining the original merits of their scheme we propose an efficient and modified scheme to overcome from aforesaid weaknesses, but at low computational cost.