Analysis and Improvement of an Authentication Scheme Using Smart Cards

Sonam Devgan Kaul and Amit K. Awasthi

Department of Applied Mathematics, Gautam Buddha University, Greater Noida, 201308, UP, India
{sonamdevgan11,awasthi.amitk}@gmail.com

Abstract. In 2010, Sood et al. [16] proposed a secure dynamic identity based authentication scheme using smart cards. They claimed that their scheme is secure against various attacks. In this paper, we demonstrate that their scheme is completely insecure and vulnerable to an outsider attack as well as an insider attack. An outsider attacker can obtain the common session key between the user and the server, while an insider attacker can get not only the session key but also the secret key of the server. Therefore, the entire system collapses. To remedy these security flaws, an improved scheme is proposed to withstand these attacks.

Keywords: cryptanalysis, authentication protocol, smart cards, dynamic identity, password.

1 Introduction

With the rapidly increasing need for remote digital services and electronic transactions, authentication schemes that ensure secure communication through an insecure channel are gaining popularity and have been studied widely in recent years. In 1981, Lamport [9] proposed the first remote user password based authentication scheme, employing a one-way hash chain over an insecure and untrusted network, but this scheme has the major drawback of depending on a verification table. Smart card implementations removed this dependency on verification tables while ensuring secure communication, which is why smart card based authentication schemes are becoming more popular day by day. In 2001, Hwang et al. [6] proposed the first smart card based authentication scheme. Since security and efficiency are the main factors for any authentication scheme from the user’s perspective, several smart card based remote user authentication schemes [1,2,3,5,8,11,12,15] have been proposed.
In 2004, Das et al. [4] proposed a dynamic identity based remote user authentication scheme using smart cards that preserves the user’s anonymity. However, their scheme is vulnerable to various attacks. In 2005, Liao et al. [10] proposed an improved scheme that achieves mutual authentication. In 2006, Yoon and Yoo [17] cryptanalysed the mutual authentication of Liao et al.’s scheme. In the same direction, in 2010, Sood et al. [16] proposed an improved protocol of Liao

K. Singh, A.K. Awasthi, and R. Mishra (Eds.): QSHINE 2013, LNICST 115, pp. 719–728, 2013.
© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2013