Three-tier authentication scheme using smart card

With current network technologies, various business activities can be done in the Internet world, and how to assure the security of these activities in an insecure communication channel becomes the most important issue. Recently, Hsiang-Shih proposed a remote user authentication scheme for multi-server environment as an improved scheme over Liao and Wang’s scheme, and asserted that their scheme can escape from masquerade attack, server spoofing attack, etc. In this paper, we show that Hsiang and Shih’s scheme still suffers from masquerade attack. To mend the problem, we offer a three-tier authentication using smart card procedure with dynamic ID and Diffie-Hellman’s method to improve Hsiang-Shih’s insecure scheme. Our scheme is suitable for applications with higher security requirement.