Weaknesses and improvements of the Yoon–Ryu–Yoo remote user authentication scheme using smart cards

Remote user authentication scheme is a procedure which allows a server to authenticate a remote user through insecure channel. Recently, Yoon, Ryu and Yoo made an enhancement based on Ku–Chen’s remote user authentication scheme by using smart cards. The scheme has the merits of providing mutual authentication, no verification table, freely choosing password, involving only few hashing operations and parallel session attack resistance. In this paper, we point out security flaws of Yoon–Ryu–Yoo’s protocols against masquerading attack, off-line password guessing attacks and parallel session attack. An improvement to enhance Yoon–Ryu–Yoo’s security scheme is proposed.