An Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol

Password is the most commonly used authentication technique in smart card based authentication protocols. During communication, the static identity based authentication protocols leaks out the user’s authentication messages corresponding to static identity to the attacker. Therefore, the attacker can trace and identify the different requests belonging to the same user. On the other hand, the dynamic identity based authentication protocols provide multi-factor authentication based on the identity, password, smart card and hence more suitable to e-commerce applications. In 2008, Liu et al. proposed a nonce based mutual authentication scheme using smart cards. In 2009, Sun et al. demonstrated man-inthe-middle attack on Liu et al.’s scheme. However, we found that Liu et al.’s scheme is also vulnerable to stolen smart card attack. This paper presents a new dynamic identity based authentication scheme that uses the nonce and timestamp at the same time to resolve the aforementioned problems, while keeping the merits of Liu et al.’s scheme. The aim of this paper is to provide a dynamic identity based secure and computational efficient authentication protocol with user’s anonymity using smart cards. It protects the user’s identity in insecure communication channel and hence can be applied directly to e-economic applications. Security analysis proved that the proposed protocol is secure and practical.