Provided by: Science and Development Network (SciDev.Net)
Password-based authentication scheme is one of the efficient authentication mechanics to protect resources from unauthorized access. Chang-Lee, in 2008, proposed a password-based mutual authentication scheme to overcome the security drawbacks of Wu-Chieu's scheme. In this paper, the authors have shown that Chang-Lee's scheme is vulnerable to various attacks known by literatures. Also they proposed an improved scheme to overcome the security drawbacks of Chang-Lee's scheme. As a result of analysis, the proposed scheme not only withstands the various attacks, such as the user impersonation attack, the server masquerading, the man-in-the-middle attack, the off-line password guessing, the insider attack, but also provides mutual authentication between the user and the server.