An improved and secure smart card-based authentication scheme

Kim and Chung (2009) found that Yoon and Yoo’s scheme (2005) easily reveals a user’s password and is susceptible to masquerading user attack, masquerading server attack and stolen verifier attack. Therefore, Kim and Chung proposed a new remote user authentication scheme. They claimed that the proposed scheme resolves all aforementioned security flaws, while keeping the merits of Yoon and Yoo’s scheme. However, we found that Kim and Chung’s scheme is susceptible to masquerading user attack, masquerading server attack, offline dictionary attack using stolen smart card and parallel session attack. This paper improves Kim and Chung’s scheme that resolves the aforementioned security flaws, while keeping the merits of Kim and Chung’s scheme. The security of the proposed protocol depends upon two security parameters which makes difficult for an attacker to launch attacks on the proposed scheme. Therefore, the attacker can not get any meaningful authentication information from eavesdropping.