ENGINEERING
and TECHNOLOGY RESEARCH

Recently, after analyzing Jiang et al. and He et al.’s remote user authentication scheme, Kumari et al. detected some defects in their own protocol and designed a user anonymous password authentication scheme without smart card. They claimed that their protocol is rigorous to resist a wide range of network attacks. Unfortunately, based on the analysis of a large amount of experiments, we found that their protocol is not robust enough when facing with changing session key attack. The user and server cannot achieve the consistency of the session even though they have been authenticated each other.

Authentication, Anonymity, Without Smart Card, Changing Session Key Attack