An improved Chang-Lee’s smart card-based authentication scheme

Abstract

It is useful to verify a legal user from a remote terminal through the Internet with the user authentication schemes based on the smart card. Usually, the remote user has to use his/her identification accompanying the password to access the system. This action is an important scheme to protect the user’s privacy and confidentiality. To achieve the robustness and the efficiency, Chang and Lee proposed a scheme that employs a smart card-based user authentication with the characters of implementation practically and easily. Also, Chang and Lee claim that the scheme could resist the replay attacks, the impersonation attacks, the identity disclosure attacks, and the perfect forward secrecy. However, this work shows that the scheme is in the risk with an on-line guessing identity and password attacks and denial of service attack. Hence, in this paper, it proposes an improved user authentication scheme that holds the capacity to withstand the vulnerability as that in Chang-Lee’s smart card-based scheme.