An Improved Protocol for Password Authentication Using Smart Cards

In recent years, several password authentication schemes for remote login and verification have been widely implemented for systems that control and access to Internet applications. Therefore, how to assure the security protection of these related operations in computer networks has been extensively investigated by many engineers in these two decades. Recently, an advanced smart card based password authentication scheme is proposed by Song. He claimed that the proposed scheme performs secure operations and activities over the insecure network communications. However, Song’s scheme is still vulnerable to the off-line password guessing attack, and it is lack of perfect forward secrecy and system reparability. In this paper, we state the security weaknesses of Song’s scheme, and then propose an improvement of the password based authentication scheme which not only inherits the criteria of authentication scheme such as mutual authentication and session key agreement but also protects against the risk of various attacks over the insecure Internet environment. Furthermore, we analyze the security and performance aspects to prove that our proposed scheme is more secure, efficient and practical for applications of networks communications.