CRYPTANALYSIS OF AN EFFICIENT REMOTE USER AUTHENTICATION SCHEME WITH SMART CARDS

From user point of view, smart card based authentication is one of the most popular technologies for system access and data exchange. However, its pervasive usage On new applications has been slowed down and restricted due to the concerns of potential security threats on resource-limited smart card. Therefore, a more efficient and secure remote authentication protocol for smart card users is devastatingly required nowadays. Recently, Huang and Wei [2] developed a remote user authentication scheme in which only an exclusive-or operator and a random number generator are utilized to provide a secure and efficient authentication service for smart card users. In this study, we first evaluate security robustness of Huang and Wei's scheme by engaging a series of planned active attack operations; our evaluation results show that the proposed attack can fully discover the secret information shared between a remote smart card user and the back-end server. To remedy identified security vulnerabilities, we develop a security-enhanced remote authentication protocol. The security and performance analyses show that our proposed authentication scheme delivers mutual authentication feature and stronger security robustness with the same order of computation complexity as Huang and Wei's scheme does.