Cryptanalysis and security enhancement of Chen et al.’s remote user authentication scheme using smart card

Abstract

Abstract Recently (2011) Chen et al. found that Wang et al.’s scheme (2007) is vulnerable to impersonation attacks and parallel session attacks; and then proposed a security enhancement of Wang et al.’s scheme. Chen et al. claimed to inherit the merits and eradicate the flaws of the original scheme through their improved scheme. Unfortunately, we found that Chen et al.’s scheme inherits some flaws of the original scheme, like the known-key attack, smart card loss attack and its serious consequences. In addition, Chen et al.’s scheme is not easily reparable and is unable to provide forward secrecy. Thus Chen et al.’s scheme still has scope for security enhancement. Finally, we propose an improved scheme with better security strength. Moreover, we analyze the performance of our scheme and prove that ours is suitable for applications with high security requirements.