An Efficient Dynamic ID-based User Authentication Scheme using Smart Cards without Verifier Tables

Abstract

Smart-card based user authentication schemes provide that legal users conveniently and securely access remote services with smart cards through unsecure networks. Lee recently showed that the dynamic ID-based remote user authentication scheme proposed by Das et al. cannot resist password guessing attacks and impersonation attacks. In order to solve these weaknesses, Lee also presented an improved authentication scheme and claimed that the proposed scheme can resist modification, password guessing, imper sonation and smart-card-theft attacks. However, this investigation in dicates that the authentication scheme of Lee cannot resist the above attacks and violates users' untracibility. Additionally, this invest igation also develops an efficient and secure dynamic ID-bas ed user authentication scheme based on the quadratic residues. The proposed scheme not only avoids the weakness in the previous schemes, but also does not require verifier tables in the authentication server and sti ll retains low computational cost in clients.