Weakness and improvement on Wang-Li-Tie's user-friendly remote authentication scheme

In an open network environment, the remote authentication scheme using smart cards is a very practical solution to validate the legitimacy of a remote user. In 2003, Wu and Chieu presented a user-friendly remote authentication scheme using smart cards. Recently, Wang, Li, and Tie found that Wu–Chieu s scheme is vulnerable to the forged login attack, and then presented an improvement to eliminate this vulnerability. In our opinion, the smart card plays an important role in those schemes. Therefore, we demonstrate that Wang–Li–Tie s scheme is not secure under the smart card loss assumption. If an adversary obtains a legal user s smart card even without the user s corresponding password, he can easily use it to impersonate the user to pass the server s authentication. We further propose an improved scheme to overcome this abuse of the smart card. 2005 Elsevier Inc. All rights reserved. 0096-3003/$ see front matter 2005 Elsevier Inc. All rights reserved. doi:10.1016/j.amc.2005.01.013 * Corresponding author. E-mail addresses: [email protected] (D.-Z. Sun), [email protected] (J.-D. Zhong), [email protected] (Y. Sun). 1186 D.-Z. Sun et al. / Appl. Math. Comput. 170 (2005) 1185–1193