Skip to Main Content
In 2004, Das et al. proposed a dynamic identity based remote user authentication scheme. They claimed that their scheme is secure against different attacks. Unfortunately, many researchers demonstrated that Das et al. scheme is vulnerable to various attacks. Furthermore, this scheme does not achieve mutual authentication and thus can not resist malicious server attack. In 2005, Liao et al. improved Das et al.'s scheme and claimed that the improved scheme achieves mutual authentication, withstand password guessing attack and insider attack. In 2006, Yoon and Yoo demonstrated a reflection attack on Liao et al.'s scheme that breaks the mutual authentication. In this paper, we found that Liao et al.'s scheme is also vulnerable to malicious user attack, impersonation attack, stolen smart card attack and offline password guessing attack. Moreover, Liao et al.'s scheme does not maintain the user's anonymity and its password change phase is insecure. This paper presents a secure dynamic identity based authentication scheme using smart cards to resolve the aforementioned problems, while keeping the merits of different dynamic identity based authentication schemes.