Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.'s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.'s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.