An enhanced smart card and dynamic ID based remote multi-server user authentication scheme

Organizations often use smart card-based user authentication for remote access. The research community has put forward dynamic identity based remote user authentication schemes for distributed multi-server environment to safeguard the connection between user and server. Recently, Qiu et al. proposed an efficient smart card based remote user authentication scheme for the multi-server environment, in which they uphold their scheme provides mutual authentication and key agreement, user-anonymity, resistance against various kind of attacks. This paper will manifest that if the adversary is successful in stealing a smart card, then their schemes are vulnerable to masquerade attack, server spoofing attack, and password guessing attack. We overcome their flaws and propose an enhanced anonymous scheme where whenever the user wants to log into a server, the user identity is changed dynamically before login. And also, the scheme resists all possible attacks. We compared our scheme with respect to the related scheme, used BAN logic for verification of correctness of mutual key agreement and AVISPA to prove scheme is safe. We have provided formal security proofs for our scheme.