Cryptanalysis and Improvement of Smartcard-Based Remote User Authentication Scheme

In remote access to computer system model of user- host, password authentication based on smartcard is a very promising and practical solution to user authentication. A recently proposed smartcard-based authentication scheme was examined with the scenario-based attack techniques. The scheme presented in "An improved remote user authentication scheme" which improved Yoon-Yoo remote user authentication scheme, is vulnerable to offline password guessing attack, server phishing attack and client phishing attack. Furthermore, a sufficient condition that user authentication scheme cannot defend offline password guessing attack, is analyzed depend on the theory of the unique solution of linear XOR logic equations. Consequently, user authentication methods based on elliptic curve cryptography asymmetric encryption was used to improve Wang’s scheme, and a new remote user authentication scheme was proposed and analyzed.