We demonstrate how Hsiang and Shih's authentication scheme can be compromised and then propose an improved scheme based on the Rabin cryptosystem to overcome its weaknesses. Furthermore, we discuss the reason why we should use an asymmetric encryption algorithm to secure a password-based remote user authentication scheme using smart cards. We formally prove the security of our proposed scheme using the BAN logic.
