Improved Remote User Authentication Scheme Preserving User Anonymity

Abstract

Most of smart card-based remote authentication schemes proposed didn 't protect the users' identities while authenticating the users, even though user anonymity is an important issue in many e-commerce applications. In 2004, Das et al. proposed a remote authentication scheme to authenticate users while preserving the users' anonymity. Their scheme adopted dynamic identification to achieve this function. Then in 2005, Chien and Chen pointed out Das et al. 's scheme fails to protect the user's anonymity and proposed a new remote authentication scheme preserving user anonymity. This paper, however, will demonstrate that Chien and Chen's scheme has also some problems: it cannot resist strong masquerading server/user attack, insider attack, denial of service attack and restricted replay attack; it also has the problem of slow wrong password detection. Therefore, an improved scheme is proposed to conquer these problems.