An improvement of Hwang-Lee-Tang's simple remote user authentication scheme

Recently, Hwang-Lee-Tang proposed a simple remote user authentication scheme using smart card, whereby it does not require any password or verification tables in the remote system and any legal users could choose and change their passwords freely. However, their schemes previously generated user's secret hash values are insecure if the secret key of the server is leaked or is stolen, also when the smart card is stolen, unauthorized users can easily change new password of the smart card. Furthermore, their scheme cannot resist the denial of service attack using stolen smart card and does not provide mutual authentication. Accordingly, the current paper demonstrates the vulnerability of Hwang-Lee-Tang's scheme and presents an enhancement to resolve such problems. As a result, the proposed scheme previously generated secret hash values are secure even if the secret key of the system is leaked or is stolen and enables users to update their passwords freely and securely, while also providing mutual authentication and fast detect it when user inputs wrong password. In addition, the computational costs of this scheme are less than those of any previously proposed schemes. (C) 2005 Elsevier Ltd. All rights reserved.