Smart-card based user authentication schemes provide that legal users conveniently and securely access remote services with smart cards through unsecure networks. Lee recently showed that the dynamic ID-based remote user authentication scheme proposed by Das et al. cannot resist password guessing attacks and impersonation attacks. In order to solve these weaknesses, Lee also presented an improved authentication scheme and claimed that the proposed scheme can resist modification, password guessing, impersonation and smart-card-theft attacks. However, this investigation indicates that the authentication scheme of Lee cannot resist the above attacks and violates users’ untracibility. Additionally, this investigation also develops an efficient and secure dynamic ID-based user authentication scheme based on the quadratic residues. The proposed scheme not only avoids the weakness in the previous schemes, but also does not require verifier tables in the authentication server and still retains low computational cost in clients.
Digital Object Identifier (DOI)
"An Efficient Dynamic ID-based User Authentication Scheme using Smart Cards without Verifier Tables,"
Applied Mathematics & Information Sciences: Vol. 09
, Article 56.
Available at: https://dc.naturalspublishing.com/amis/vol09/iss1/56