An improvement of sood, et al.'s authentication scheme using smart card

Abstract

In 2004, Das, et al.'s proposed the dynamic ID-based remote user authentication scheme to protect the user's anonymity. However, in 2005, Chein, et al.'s and Liao, et al.'s demonstrated that Das, et al.'s scheme failed to protecting user's anonymity. In addition, they showed that it was susceptible to guessing attack, so that it might expose the password to the remote system. In 2006, Liou, et al.'s proposed a new scheme which aimed to resolve the security vulnerabilities of Das, et al's scheme such as mutual authentication and malicious server attacks. However, in 2010, Sood, et al.'s demonstrated that Liou, et al's scheme is susceptible to impersonal attack, malicious user attack, man in the middle attack and offline password guessing attack. To resolve those vulnerabilities, Sood, et al.'s proposed new scheme. However, as a result of analysis of the new scheme proposed by Sood, et al., it is still vulnerable to malicious legal user attack and various attacks such as forgery, insider and database. In this paper, we propose an improvement to the Sood, et al.'s scheme in order to resolve such problems.