Abstract

The goal of a denial-of-service (DoS) attack is to deplete the resources of a targeted server so that its intended clients cannot obtain its services. Recently, Hwang et al. proposed an ID-based password authentication scheme using smart cards that resists DoS attacks. The major merits claimed for their scheme are: (1) mutual authentication; (2) resistance to the password guessing attack; (3) resistance to the replay attack; (4) resistance to the impersonation attack; (5) session key establishment; and (6) resistance to the server resource exhaustion attack. However, two of the most basic and important security properties of session key establishment are not satisfied in their scheme. One is perfect forward secrecy: if the long-term secret key is compromised, previous session keys should not be derivable. The other is perfect backward secrecy: if a used session key is compromised, subsequent communications should not be damaged. This paper shows that these weaknesses exist in Hwang et al.'s scheme and proposes a security-enhanced user authentication scheme. The proposed scheme not only achieves the desired security requirements above, but also solves the smart card loss problem, a troublesome real-world security threat that most authentication and key agreement schemes cannot solve. [Life Science Journal. 2010;7(1): 88-94] (ISSN: 1097-8135).

  • Publication date: 2010