Advanced Secure Remote User Authentication Scheme Preserving User Anonymity

To ensure secure transmission of data and to authenticate remote user while accessing server resources, smart card based remote user authentication schemes have been widely adopted. In 2004, Das et al proposed first of its kind of protocol for remote user authentication with smart cards using Dynamic Id to protect user anonymity. In 2005, Chien et al pointed out that Das et al scheme failed to preserve user anonymity and the scheme is equivalent to open access without any password and proposed a new scheme to remedy of Das et al. In 2008 Bindu et al pointed out that Chien et al scheme is insecure against Insider attack and Man in the Middle attack and proposed a new scheme to remedy of Chien et al. In this paper we will show that Bindu et al scheme cannot preserve user anonymity under their assumption. In addition their scheme is vulnerable to user-impersonation attack, server-masquerading attack, Man in the Middle attack, stolen smart card attack, password guessing attack, replay attack, fails to achieve mutual authentication and perfect forward secrecy (PFS). We then present our improved scheme to overcome the vulnerabilities stated in Bindu et al‟s scheme while preserving all the merits of their scheme.