Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Recently, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multiserver environment, and claimed that their scheme was intended to provide mutual authentication, two-factor security, replay attack, server spoofing attack, insider and stolen verifier attack, forward secrecy and user anonymity. In this paper, we show that Liao and Wang's scheme is still vulnerable to insider's attack, masquerade attack, server spoofing attack, registration center spoofing attack and is not reparable. Furthermore, it fails to provide mutual authentication. To remedy these flaws, this paper proposes an efficient improvement over Liao-Wang's scheme with more security. The computation cost, security, and efficiency of the improved scheme are well suited to the practical applications environment. (C) 2008 Elsevier B.V. All rights reserved.