User authentication has become a critical issue in the public Internet environment. With countless information exchanges taking place daily—and even more expected in the future—numerous services are being offered as the network continues to develop. Examples of these services include webmail, online banking, and cloud computing. When users wish to access these services, they must log onto servers that require authentication. Consequently, users need to remember their usernames and passwords for each different server. As users register for multiple services, the number of passwords they must memorize increases, leading to a growing burden. In 2011, Lee et al. proposed a scheme to address this problem. They argued that their method remedies the weaknesses found in previous schemes, making it more effective. However, we have identified that Lee et al.'s scheme still fails to ensure user anonymity and has a security vulnerability related to smart card cloning.
Anonymous, Authentication, Dynamic ID, Multi-server, Key Agreement