Security enhancement on an improvement on two remote user authentication schemes using smart cards

With the current level of development of network technologies, various business activities take place on the Internet, and therefore how to assure the security of these activities over an insecure communication channel has become one of the most important issues. Authentication is the first step to protect users. Recently, Wang et al. proposed a remote user authentication scheme using smart cards to provide users with secure activities over an insecure Internet environment. Wang et al. claimed that their scheme is secured against guessing attacks, forgery attacks and denial of service (DoS) attacks which Ku et al.’s and Yoon et al.’s schemes suffered from. In this paper, we state that Wang et al.’s scheme is still vulnerable to the impersonation attack and parallel session attack. Furthermore, we propose an enhancement of Wang et al.’s scheme and provide the criteria of authentication scheme which secures a user against the risk of attack over an insecure Internet environment, for instance, session key agreement, mutual authentication and perfect forward secrecy. Moreover, we analyze the security of our scheme and prove that ours is suitable for applications with high security requirements.

Research highlights
► We propose an enhancement of Wang et al.’s scheme suffering from impersonation and parallel session attacks.
► We provide the criteria of authentication scheme which secures a user against the attack risks.
► Criteria of authentication: (a) Security, (b) Session key agreement, (c) Mutual authentication, (d) Perfect forward secrecy.