Skip to Main Content
Password authentication is the simplest and the most convenient authentication mechanism that allows a legal user to login the remote system. In 2004, Das et al proposed a dynamic ID-based remote user authentication scheme using smart cards. Later, Liao, Lee, and Hwang made a slight modification to achieve mutual authentication. In this paper, we point out some weaknesses in their scheme such as password independent, smart card loss attacks, masquerade attacks, forgery attacks, denial of service attacks, etc, and propose an improved scheme to withstand these weaknesses. In our scheme, the remote system doesnpsilat need to store the verification table any more. Based on dynamic ID, it allows the user to choose and change their password freely, and can achieve mutual authentication. Comparing with the original scheme, our scheme does not lead additional communication loads and computational costs.
Date of Conference: 25-27 June 2008