Security Enhancements of a Password-Based Mutual Authentication Scheme Using Smart Cards

Password-based authentication scheme is one of the efficient authentication mechanics to protect resources from unauthorized access. Chang-Lee, in 2008, proposed a password-based mutual authentication scheme to overcome the security drawbacks of Wu-Chieu’s scheme. In this paper, we have shown that Chang-Lee’s scheme is vulnerable to various attacks known by literatures. Also we proposed an improved scheme to overcome the security drawbacks of Chang-Lee’s scheme. As a result of analysis, the proposed scheme not only withstands the various attacks, such as the user impersonation attack, the server masquerading, the man-inthe-middle attack, the off-line password guessing, the insider attack, but also provides mutual authentication between the user and the server. At the same time, the proposed scheme is more efficient than the related schemes in terms of the computational complexities.