Security Enhancement of a Remote User Authentication Scheme Using Smart Cards

Designing cryptographic protocols well suited for today’s distributed large networks poses great challenges in terms of cost, performance, user convenience, functionality, and above all security. As has been pointed out for many years, even designing a two-party authentication scheme is extremely error-prone. This paper discusses the security of Lee et al.’s remote user authentication scheme making use of smart cards. Lee et al.’s scheme was proposed to solve the security problem with Chien et al.’s authentication scheme and was claimed to provide mutual authentication between the server and the remote user. However, we demonstrate that Lee et al.’s scheme only achieves unilateral authentication — only the server can authenticate the remote user, but not vice versa. In addition, we recommend changes to the scheme that fix the security vulnerability.