Strengthening the Security and Preserving User Anonymity of Remote User Authentication Scheme Using Smart Card

Abstract

Smart card based user authentication offers security and convenience in the remote user authentication system. On the other hand, a strong and secure scheme is needed to provide user authentication based on a smart card. Several schemes have been proposed, one of them is Lee's scheme proposed in 2015 [1]. However, based on Jung et al. analysis 2015[2], Lee's scheme has several weaknesses against impersonation and off-line password guessing attack. Moreover, the scheme is also failed to preserve user anonymity. This research proposed an improvement scheme to strengthen Lee's scheme [1]. For strengthening Lee's scheme, the proposed scheme uses Zero Knowledge and keyed hash function. The proposed scheme introduces an additional phase for generating a session key for securing the communication between two parties each other. Based on the experiment, it can be concluded that the proposed scheme is stronger than the previous scheme because the probability for breaking the proposed scheme using the off-line password guessing and impersonation attack is less than probability for breaking Lee's scheme.