Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multiserver Environment

Abstract

The growth of the Internet and telecommunication technology has facilitated remote access. During the last decade, many secure dynamic identity (ID)-based remote user authentication schemes have been proposed for the multiserver environment using smart cards. Recently, Li et al. point that the Lee et al. scheme is vulnerable to forgery attack, server spoofing attack, improper authentication, and unfriendly and inefficient password change. To overcome these security weaknesses, Li et al. propose a novel smart-card- and dynamic ID-based remote user authentication scheme for multiserver environments. In this paper, we show that the Li et al. scheme is also vulnerable to offline password guessing attack, stolen smart-card attack, forgery attack, and poor reparability. Their scheme does not also provide two-factor security. To provide a secure remote user authentication scheme for the multiserver environment and to overcome the security weaknesses, we propose an enhanced scheme. Our scheme is aimed at logically securing the data stored in the smart card and improving the dynamic property of the ID using password randomization for each session. Our scheme resists forgery attack, replay attack, stolen smart-card attack, offline password guessing attack, and spoofing attack. Our scheme's efficiency has been established analytically and confirmed through simulation.