Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards

In a distributed environment, a fundamental concern is authentication of local and remote users in insecure communication networks. Absolutely, legitimate users are more powerful attackers, since they possess internal system information not available to an intruder. Therefore many remote user authentication schemes for distributed systems have been proposed. These schemes claimed that they could resist various attacks. However, they were found to have some weaknesses later. Lee et al. proposed a secure dynamic ID-based remote user authentication scheme for the multi-server environment using smart cards and claimed that their scheme could protect against masquerade attacks, server spoofing attack, registration server spoofing attack and insider attack. In this study, the authors show that Lee et al.´s scheme is still vulnerable to password guessing attack, server spoofing attack and masquerade attack. To propose a viable authentication scheme for distributed systems, we remedy the flaws of Lee et al.´s scheme and propose an efficient improvement over Lee et al.´s scheme. Furthermore, we compare the proposed scheme with related ones to prove that the computation cost, security and efficiency of the proposed scheme are well suitable for practical applications in a distributed system.