An Improved Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment

Mutual authentication has been widely used to verify the legal user and server over a common communication channel. To ensure secure connection between user and server, a large number of remote mutual authentication schemes for multi-server have been proposed by researchers. However, there is a common feature that the identity of user is static in the login phase, which may leak some information of user. Therefore, a good deal of smart card based anonymous multi-server remote user authentication scheme have been proposed to overcome this problem. Recently, Banerjee et al. pointed out that Li et al.'s scheme is vulnerable to user impersonates attack and stolen smart card attack. Later, they proposed an improved protocol to fix this problem. However, we found that Banerjee et al.'s scheme is still vulnerable to user impersonation attack and off-line password guessing attack. Finally, we proposed an enhanced scheme to eliminate the security vulnerability.