A Robust Remote User Authentication Scheme using Smart Card

Publication Type:

Journal Article


Information & Security: An International Journal, Volume 26, Issue 2, p.79-97 (2013)


Forward secrecy, Guessing attack, Remote Authentication, Smart Card, Timestamp


With the fast growth of e-commerce and enormous demand from numerous internet based applications, strong privacy protection and robust system security have become essential requirements for an authentication scheme or for a universal access control mechanism. The vision to ease functionality and achieve computation efficiency, design issues for efficient and secure remote user authentication scheme have been a preferred field of investigation by the research community in these two decades. In 2005, Liao et al. improved the dynamic ID-based scheme of Das et al. to achieve mutual authentication and also withstand various attacks. More recently, in 2009, Wang et al. crypt analysed Das et al.’s scheme and also proposed another remote user authentication scheme to eradicate pitfalls. Unfortunately both improvements have been found to be vulnerable and inefficient for real life implementation. The main goal of this paper is to propose a robust remote user authentication scheme using smart card that could not only withstand the traditional attacks, such as the man-in-the-middle attack, the replay attack, the forgery attack, the stolen smart card attack, and the denial of service attack, but also overcomes YLY attacks: perfect forward secrecy, the guessing attack, and the Denning- Sacco attack. Our scheme also establishes session key for secure communication between user and server and rules out possibility of reflection attack and replay attack through its design.