Cryptanalysis and Security Enhancement of an Efficient and Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environments

Password based authentication schemes have been widely used to verify the legitimacy of a user over an insecure communication channel. A common feature among most of the published schemes is that user's identity (ID) is static in all the transaction sessions, which may leak some information about the user and can create risk of identity theft during message transaction. Therefore, to provide user anonymity, many dynamic ID based remote users authentication schemes have been proposed. Recently, Khan et al. proposed an efficient and secure dynamic ID based remote user authentication scheme and claimed that their scheme can provide strong security against various attacks. In this paper, we have demonstrated that Khan et al.'s scheme is vulnerable to server spoofing attack and insider attack, and has some flaws in login and authentication phase as well and also proposed an enhanced scheme to overcome the identified weaknesses.