Many remote user authentication schemes have been designed and developed to establish secure and authorized communication between the users and the sever over an insecure channel. By employing a secure remote user authentication scheme, the users and the server can authenticate each other and utilize advanced services. In 2012, Hsieh and Leu proposed a remote user authentication scheme. However, we review and analyze Hsieh and Leu's scheme and find that their scheme can't provide user anonymity

more »

... and is vulnerable to slow wrong password detection, masquerading attack and password guessing attack. In order to solve these drawbacks, we propose a security-improved authentication scheme which can resist all attacks above. Finally, security formal analysis of the proposed scheme using Burrows-Abadi-Needham logic (BAN-logic) is given, which indicates that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.