Skip to Main Content
In 2005, Yoon et al. proposed a user-friendly remote user authentication scheme using smart cards. The security of their scheme is based on one-way hash function and they claimed that their scheme is secured from attacks and achievable for proving mutual authentication, freely choosing password, no verification tables, and involving very lightweight hashing operations. However, we find that Yoon et al.'s scheme suffers from the denial of service attack and performs only unilateral authentication (only user authentication). In this paper we consequently propose an enhanced version to eliminate the vulnerability. Furthermore, our enhanced scheme can also provide mutual authentication and key agreement between a remote server and login users.