Cryptanalysis and Improvement of Jiang et al.'s Smart Card Based Remote User Authentication Scheme

Smart card based remote user password authentication schemes are one of the user-friendly and scalable mechanism to establish secure communication between remote entities. These schemes try to ensure secure and authorized communication between remote entities over the insecure public network. Although, most of the existing schemes do not satisfy desirable attributes, such that resistance against attacks, user anonymity and efficiency. In 2012, Chen et al. proposed a robust smart cased based remote user authentication scheme to erase the weaknesses of Sood et al.’s scheme. Recently, Jiang et al. showed that Chen et al.’s scheme is vulnerable to password guessing attack. Furthermore, Jiang et al. presented a solution to overcome the shortcoming of Chen et al.’s scheme. In the paper, we show that Jiang et al.’s scheme is still vulnerable to insider attack, on-line and off-line password guessing attack and user impersonation attack. Their scheme also fails to ensure perfect forward secrecy and user’s anonymity. Moreover, It does not provide efficient login and user-friendly password change phase. Further, to overcome these drawbacks, we present a modify scheme which reduces the computation overhead and satisfies all desirable security attributes where Jiang et al.’s scheme failed. keywords: Smart card; Password based authentication; Cryptanalysis; Anonymity.