Skip to Main Content
In 2005, Yoon-Ryu-Yoo proposed a simple remote user authentication scheme which is an improvement on Hwang-Lee-Tang's scheme. However, we found that Yoon-Ryu-Yoo's scheme easily reveals a user's password and is vulnerable to impersonation attack using stolen smart card. This scheme is also found to be vulnerable to parallel session attack and man-in-the-middle attack. This paper proposes a new remote user authentication scheme that resolves the aforementioned problems, while keeping the merits of Yoon-Ryu-Yoo's scheme.