Security of two remote user authentication schemes using smart cards

In 2000, Sun proposed an efficient remote user authentication scheme using smart cards (published in IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, 2000). Recently, Chien et al. pointed out that Sun's scheme only achieve the That is, only the authentication server can authenticate the legitimacy of the remote user while the user cannot authenticate that of the server. Chien et al. further proposed a new efficient and practical solution to achieve the mutual user authentication (published in Computers & Security, Vol. 21, No. 4, 2002). This paper, however, will demonstrate that Sun's scheme is vulnerable to the off-line and the on-line password guessing attacks and Chien et al.'s scheme is vulnerable to the parallel session attack.