Nowadays, a user authentication is very important in network environments. For safe authentication, they came up with six essential conditions in earlier studies. And a variety of mechanisms is presented by research scientists. However, they could not achieve the PFS. Because, though all these schemes are assumed that the communication between a smart card and a host is safe, actually it is not. Therefore, in this paper, we will point out what the communication between a smart card and a host is not safe, and propose a new user authentication mechanism that can reach to the PFS. And also, an encryption algorithm is used about 45% less than earlier studies in our proposed scheme. Thus, we can say that enhance the efficiency.

Recently, Yoon et al. exhibited the vulnerability of the smart-card-equipped password based authentication protocol proposed by Chien et al. to the Denning-Sacco attack. Furthermore, they also pointed out that the protocol does not provide the perfect forward secrecy. Accordingly, they presented an enhanced protocol to strengthen the security. This letter, however, demonstrates an interleaving attack on the Yoon et al.'s improved protocol and also discusses how to defend the protocol from the attack presented here.