A more efficient and secure dynamic ID-based remote user authentication scheme

In 2004, Das, Saxena and Gulati proposed a dynamic ID-based remote user authentication scheme. This scheme allows users to change and choose passwords freely, and the server does not maintain any verifier table. It is also secure to against ID-theft, replay attacks and insider attacks and so on. However, research has been done to point that it is completely insecure for its independent of the password. Furthermore, it did not achieve mutual authentication and could not resist impersonate remote server attack. In this paper, an enhanced password authentication scheme which still keeps the merits of the original scheme was presented. Security analysis proved that the improved scheme is more secure and practical. (C) 2008 Elsevier B.V. All rights reserved.