Modified Dynamic ID-based User Authentication Scheme Resisting Smart-Card-Theft Attack

Wireless environments such as GSM, 3G, and 4G are more and more popular. Consequently, communications in such networks need to be guarded. It is necessary to have a secure mutual authentication scheme to defend transactions between user and service provider against illegitimate adversaries. Especially, users are those vulnerable to attacks and there are many authentication schemes with smart-card proposed to protect them. Recently, Yung-Cheng Lee has suggested a dynamic identity based user authentication scheme to resist smart-card-theft attack. Nevertheless, he assumed that smart-card is tamperproof. In our opinion, this is not appropriate because Kocher and Messerges pointed that smart-card's confidential information could be extracted by physically monitoring its power consumption. Therefore, design of Yung-Cheng Lee cannot withstand this kind of attack. In addition, anyone who is a legal member can masquerade server or other legal users in his scheme. Moreover, legitimacy verification only starting from server side truly makes Lee's scheme be impractical. In this paper, we present an improvement to his scheme to isolate such problems.