Security analysis of a remote user authentication scheme using smart card

Abstract

Chien et al proposed an efficient and practical remote authentication using smart cards. In 2004, Ku et al pointed out that Chien et alpsilas scheme is insecure, and proposed an improved password-based remote user authentication scheme. In this paper, the security of Kupsilas scheme is analyzed. It is demonstrated that Kupsilas scheme still has some weaknesses: it cannot withstand against the parallel session attack; it is vulnerable to the password guessing attacks and another new attack; it cannot resist on changing time stamp attack. It is then concluded that Kupsilas scheme cannot achieve the security requirements as their claims. Based on the analysis, we find all the attacks are happened because of the simple computation of h(ci oplus Tj) in all the phases of remote authentication, thus we develop a hyper-complex chaotic hash scheme. It is evidently shown that the security of the improved remote user authentication scheme is efficiently enhanced.