An improvement of Wang et al.'s authentication scheme using smart cards

Abstract

In 2009, Wang et al. argued that Das et al.'s scheme is vulnerable to stolen smart card attack if an attacker obtains the smart card of legitimate user and chooses any random password. Then the attacker gets through the authentication process to get access of the remote server. Therefore, Wang et al. proposed an improved scheme to preclude the weaknesses of Das et al.'s scheme. However, we found that Wang et al.'s scheme is vulnerable to impersonation attack, stolen smart card attack and offline password guessing attack. This paper improves Wang et al.'s scheme to resolve the aforementioned problems, while keeping the merits of different dynamic identity based authentication schemes.