In recent years, several password authentication schemes for remote login and verification have
been widely implemented for systems that control and access to Internet applications. Therefore, how to assure
the security protection of these related operations in computer networks has been extensively investigated
by many engineers in these two decades. Recently, an advanced smart card based password authentication
scheme is proposed by Song. He claimed that the proposed scheme performs secure operations and activities
over the insecure network communications. However, Song’s scheme is still vulnerable to the off-line
password guessing attack, and it is lack of perfect forward secrecy and system reparability. In this paper, we
state the security weaknesses of Song’s scheme, and then propose an improvement of the password based authentication
scheme which not only inherits the criteria of authentication scheme such as mutual authentication
and session key agreement but also protects against the risk of various attacks over the insecure Internet
environment. Furthermore, we analyze the security and performance aspects to prove that our proposed
scheme is more secure, efficient and practical for applications of networks communications.
