COMPUTER SCIENCE
and ENGINEERING

Recently, Amin and Biswas proposed a bilinear pairing-based remoter user authentication protocol for multiserver environment, claiming it to be secure under various attacks. However, Chandrakar and Om found that the protocol suffers from an identity guessing attack, a password guessing attack, a user-server impersonation attack and so forth. To erase these weaknesses in Amin and Biswas’s protocol, they later proposed an enhanced ECC-based remoter user authentication protocol. Unfortunately, in this paper, we demonstrate that Chandrakar and Om’s protocol is still vulnerable to a user impersonation attack and cannot provide perfect forward secrecy. To solve the drawbacks, we suggest some simple but effective modification.

Authentication, Biometric-based, ECC, Key agreement protocol, Multiserver