With the rapid development of Internet service the client/server architecture, a lot of people use the Internet to organize a conference or to communicate with each other such as e-mail even though they located in different places in the world. However, the network is a shared medium, so that it’s full of weakness security attacks such as eavesdropping and modification attack. Hence, information security becomes an important issue in the client/server environment. So far, many protocols have been proposed to achieve different purpose. Most of them have to achieve two basic security standards. The first one is user authentication; it allows a server and a login user to authenticate each other over public channels. The second one is key agreement; it is used to derive a shared secure session key by two or more parties, but no party can predetermine the resulting value. Users can securely exchange information over an open network by using the shared session key to encrypt/decrypt secure information. In this study, we will discuss three user authentication and key agreement protocols and point out that their protocols have some security weaknesses. Then we propose our improvement to eliminate the security weakness of their protocols. As compared with their protocols, our proposed schemes are more secure and efficient.
