Due to the fast development of computer network, the numbers of users is extending quickly over the Internet. Therefore, network security issue is a great concern to protect data during transmission from malicious adversaries. Among these, user authentication becomes an essential security mechanism for remote systems to verify the validity of user when accessing some restricted service. Until now, several various authentication schemes have been proposed aiming at securing the user’s privacy from unauthorized access. However, there is no common in providing the desirable security properties. Recently, Hsieh and Leu have proposed an enhanced scheme to remedy all vulnerabilities of Hsiang et al.'s scheme including an infringed account attack, a resembling account attack, masquerading user attack, masquerading server attack, and password guessing attack. Unfortunately, Hsieh and Leu’s scheme is still vulnerable to password guessing attack, masquerading client attack, and masquerading server attack. These problems will be demonstrated in this thesis and also propose an enhancement scheme to resolve such problems. As a result, the proposed scheme can fight against password guessing attack absolutely because this is the problem priority needs to be tackled in this thesis. Moreover, user can change password freely and securely, which also providing secure mutual authentication.
