View article

In 2004 Das et al. proposed a "dynamic ID based remote user authentication scheme using smart cards" that allows the user to choose and change their password freely and does not maintain any verifier table. It can protect against ID-theft, replay attack, forgery attack, guessing attack, insider attack and stolen verifier attack. However, Awasthi and Lai, have pointed out several weaknesses in Das et. al. scheme and have shown that the scheme is completely insecure and is equivalent to open server access without any passwords. Subsequently, Wei-Chi KU and Shen-Tein Chang have shown that an adversary can successfully impersonate the user and log onto remote server. Moreover Das's scheme does not achieve mutual authentication, which is essential for many applications. In this paper, we propose an improved scheme, which overcomes the weaknesses of Das et al scheme and improves the security …