Improvement of the ElGamal Based Remote Authentication Scheme Using Smart Cards

Nowadays, we can easily obtain variety of services through networks. But due to the open environment, networks arevulnerable to many security threats. The remote user authentication scheme is one of the most widely usedmechanisms for servers to authorize users to access the services. In 2009, Ramasamy and Muniyandi proposed adiscrete logarithm based remote authentication scheme with smart cards. Their scheme provides mutualauthentication and withstands the denial of service attack, forgery attack and parallel session attack. In this article, weshow that their scheme is not a practical solution for remote access. It lacks key agreement mechanism and userscannot choose or update passwords freely. Moreover, their scheme cannot resist the stolen-verifier attack, off-lineguessing attack, impersonation attack and smart-card-loss-attack. We propose an improved scheme to remedy thedrawbacks. The improved scheme has the merits of providing mutual authentication and key agreement, whileforward and backward secrecy are ensured as well. The users can choose and update their passwords freely.Furthermore, the scheme can also withstand many attacks such as the smart-card-loss-attack, the replay attack, theoff-line guessing attack, the insider attack, the impersonation attack and the parallel session attack.