Cryptanalysis and Improvement of Jiang et al.'s Smart Card Based Remote User Authentication Scheme
This work addresses security flaws in authentication protocols for remote systems, but it is incremental as it builds on prior schemes.
The paper analyzed three existing smart card-based remote user authentication schemes and found that none of them resists online password guessing attacks and that all have inefficient login and password change phases, leading to denial of service vulnerabilities; it proposed an improved scheme to eliminate these drawbacks.
Smart card based authentication protocols try to ensure secure and authorized communication between remote entities. In 2012, Wei et al. presented an improvement of Wu et al.'s two-factor authentication scheme for TMIS, which was proven vulnerable to off-line password guessing attack by Zhu. Zhu also proposed a modified scheme to overcome the weakness of Wei et al.'s scheme, although Lee and Liu showed the failure of his scheme to resist parallel session attacks. Moreover, Lee and Liu introduced an improved scheme. We analyze Wei et al.'s, Zhu's and Lee and Liu's schemes and identify that none of the schemes resists on-line password guessing attack. Moreover, these schemes do not present efficient login and password change phases. We also show how an inefficient password change phase causes denial of service attack. Further, we propose an improved password based remote user authentication scheme with the aim to eliminate all the drawbacks of previously presented schemes.