A Review on Remote User Authentication Schemes Using Smart Cards Keerti Srivastava, Amit K. Awasthi, and R.C. Mittal 1 Department of Applied Mathematics, Gautam Buddh University, Greater Noida, 201310, UP, India keert.cipet@gmail.com 2 Department of Applied Mathematics, Gautam Buddh University, Greater Noida, 201310, UP, India awasthi.amitk@gmail.com 3 Indian Institute of Technology, Roorkee, UA, India rcmmmfma@iitr.ernet.in Abstract. Remote user authentication is a mechanism in which the remote server verifies the legitimacy of a user over an insecure com- munication channel. Password based authentication schemes have been widely deployed to verify the legitimacy of remote users as password authentication is one of the simplest and the most convenient authenti- cation mechanism over insecure networks. In remote user authentication scheme, the user is assigned a smart card, which is being personalized by some parameters and provide the legal users to use the resources of the remote system. Until now, there have been ample of remote user authen- tication schemes published in the literature and each published schemes have its own merits and demerits. Recently, many schemes proposed are based on the one-way hash function. The computational complex- ity of their schemes is superior to the discrete logarithm-problem-based schemes. In our paper, we have defined all the security requirements and the goals. An ideal password authentication schemes should satisfy and achieve all of these. We have presented the results of our survey through five of the currently available secure one way hash function based remote user authentication schemes. We hope an ideal smart card (not storing (IDi ,PWi ), which meets all the security requirements and achieves all the goals can be developed. 1 Introduction With large scale development of network technology, remote user authentica- tion in e-commerce and m-commerce has become an indispensable part to ac- cess the precious resources. It provides the legal users to use the resources of the remote system. To access resources at remote systems, users should have proper access rights like in Remote Login Systems, Automated Teller Machines (ATM’s), Personal Digital Assistants (PDA) and Database Management Sys- tems, etc and to access these resources, each user should have an identity and K. Singh, A.K. Awasthi, and R. Mishra (Eds.): QSHINE 2013, LNICST 115, pp. 729–749, 2013. c  Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2013