Cryptanalysis of A Secure Remote User Authentication Scheme Using Smart Cards

Smart card based authentication schemes are used in various fields like e-banking, e-commerce, wireless sensor networks, medical system and so on to authenticate the both remote user and the application server during the communication via internet. Recently, Karuppiah and Saravanan proposed an authentication scheme which is based on password and one-way cryptographic hash function. They have used a secure identity mechanism i.e., users' and server's identity are not public. Thus, the user and the server do not send their identity directly to each other during communications. In this paper, we have found out that their scheme does not overcome the reply attack and also there is a fault in the login phase, which makes their scheme is not perfect for practical use.