In recent years, several user authentication schemes with smart cards for wireless communication environments have been proposed. In 2010, He, Ma, Zhang, Chen, and Bu proposed a strong user authentication scheme with an anonymity property and key agreement for wireless networks. However, in this paper, it is demonstrated that the so-called secure, anonymous user authentication scheme introduced by He et al. is vulnerable to eavesdropping attack and is not practical for real-life implementation. We show that user anonymity of their scheme is not achieved, the user has to bear in mind a long identity (128 bit) during the login phase, and there is no provision for fairness in the key agreement. To remedy these security weaknesses, we further propose a novel authentication scheme which is immune to various known types of attack and is more secure and practical for mobile wireless networking.
International Journal of Secure Digital Information Age 2(1)