Improvements in Dynamic ID-based Remote User Authentication Schemes
User authentication is a key element in network security in complex network environments. Previously, Wang et al. proposed a dynamic ID-based remote user authentication scheme, in which users apply smart cards for registration and login. It allows mutual authentication on both the user and server-ends to avoid replay attacks and server impersonation attacks. However, security issues remain. For example, the scheme does not provide login privacy and can not resist user impersonation attack and password guessing attack. This paper looks into the security loopholes of the scheme and suggests not only one-way hash function but also symmetric encryption/decryption to achieve mutual authentication between user and remote server.