Security improvement on the timestamp-based password authentication scheme using smart cards

Identification and authentication over an insecure network are being essential services in all security transactions. Due to the inherent confidentiality and portable size, especially its intelligent computing capability, smart card achieves a good tradeoff between security and convenience to the users, so smart cards are hopeful to be practical solutions with high security for intelligent authentication systems. This paper first reviews the smart cards based authentication scheme proposed by Shen et at. and discusses its security flaws pointed out recently by Yang et al. Finally, an improvement on Shen et al.'s scheme is presented, which can withstand the forged login attacks found in the related work. In addition, the improvement scheme keeps all the merits of original one while only slightly increasing the computation. Therefore, the enhanced scheme is efficient and more secure to use for remote user authentication.