Online citations, reference lists, and bibliographies.
← Back to Search

Analysis And Enhancement Of A Password Authentication And Update Scheme Based On Elliptic Curve Cryptography

L. Wang
Published 2014 · Mathematics, Computer Science

Save to my Library
Download PDF
Analyze on Scholarcy
Share
Recently, a password authentication and update scheme has been presented by Islam and Biswas to remove the security weaknesses in Lin and Huang’s scheme. Unfortunately, He et al., Wang et al., and Li have found out that Islam and Biswas’ improvement was vulnerable to offline password guessing attack, stolen verifier attack, privilege insider attack, and denial of service attack. In this paper, we further analyze Islam and Biswas’ scheme and demonstrate that their scheme cannot resist password compromise impersonation attack. In order to remedy the weaknesses mentioned above, we propose an improved anonymous remote authentication scheme using smart card without using bilinear paring computation. In addition, the verifier tables are no longer existent, and the privacy of users could be protected better. Furthermore, our proposal not only inherits the advantages in Islam and Biswas’ scheme, but also provides more features, including preserving user anonymity, supporting offline password change, revocation, reregistration with the same identifier, and system update. Finally, we compare our enhancement with related works to illustrate that the improvement is more secure and robust, while maintaining low performance cost.
This paper references
10.1007/978-3-642-01877-0_7
A New Client-to-Client Password-Authenticated Key Agreement Protocol
D. Feng (2009)
10.1007/978-3-642-10433-6_20
An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards
Wenting Jin (2009)
10.1016/S0167-4048(00)05032-X
Methods for Protecting Password Transmission
M. Peyravian (2000)
Guessing Attacks on Strong-Password Authentication Protocol
C. Lee (2013)
10.1007/b97644
Guide to Elliptic Curve Cryptography
D. Hankerson (2004)
10.1145/2043628.2043629
Modeling key compromise impersonation attacks on group key exchange protocols
M. C. Gorantla (2008)
Improvement on Peyravian-Zunic's Password Authentication Schemes
J. Hwang (2002)
10.1016/j.mcm.2011.07.001
Design of improved password authentication and update scheme based on elliptic curve cryptography
S. H. Islam (2013)
10.1016/S0167-4048(03)00114-7
A password authentication scheme with secure password updating
Chun-Li Lin (2003)
10.6633/IJNS.201205.14(3).04
Mutual Authentication Scheme with Smart Cards and Password under Trusted Computing
L. Yang (2012)
10.1007/978-3-642-34062-8_24
On the Security of an Improved Password Authentication Scheme Based on ECC
Ding Wang (2012)
10.1016/j.jcss.2005.10.001
A password authentication scheme over insecure networks
I. Liao (2006)
Methods for protecting password transmission,”Computers
M. Peyravian (2000)
10.1090/S0025-5718-1987-0866109-5
Elliptic curve cryptosystems
N. Koblitz (1987)
10.1049/iet-ifs.2012.0058
A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card
C. Li (2013)
10.1007/3-540-39200-9_18
CAPTCHA: Using Hard AI Problems for Security
L. V. Ahn (2003)
10.1145/358790.358797
Password authentication with insecure communication
L. Lamport (1981)
Comments on a password authentication and update scheme based on elliptic curve cryptography
D. He (2011)
An Improved Efficient Remote Password Authentication Scheme with Smart Card over Insecure Networks
M. Kumar (2011)
10.1145/1030083.1030117
New client puzzle outsourcing techniques for DoS resistance
B. Waters (2004)
An Efficient Password Authentication Scheme for Smart Card
R. Ramasamy (2012)



This paper is referenced by
Secure-Anonymous User Authentication Scheme for e-Healthcare Application Using Wireless Medical Sensor Networks
Yoney Kirsal Ever (2019)
10.1007/S13369-018-3255-6
Handover Authentication Scheme for Device-to-Device Outband Communication in 5G-WLAN Next Generation Heterogeneous Networks
A. Kumar (2018)
10.1016/j.jisa.2015.01.001
An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card
Vanga Odelu (2015)
10.4018/IJBDCN.2016070103
Improved Traceable-Resistant Efficient Authentication Schemes for Wireless Networks
P. Dass (2016)
10.1109/JSYST.2018.2866067
Secure-Anonymous User Authentication Scheme for e-Healthcare Application Using Wireless Medical Sensor Networks
Y. K. Ever (2019)
10.1016/J.DCAN.2019.07.003
Design of a USIM and ECC based handover authentication scheme for 5G-WLAN heterogeneous networks
A. Kumar (2020)
10.1109/IWSDA.2015.7458418
A secure and robust dynamic ID-based mutual authentication scheme with smart card using elliptic curve cryptography
M. Sarvabhatla (2015)
10.1007/s11042-020-10134-x
Chaotic-map based authenticated security framework with privacy preservation for remote point-of-care
B. D. Deebak (2020)
Robust Authentication Scheme based on Elliptic Curve Cryptography for Big Data Applications
Geeta Sharma (2018)
10.15415/jtmge.2015.61004
On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography
Prabhdeep Kaur (2015)
10.1007/978-981-10-5565-2_2
A Secure Three-Factor Remote User Authentication Scheme Using Elliptic Curve Cryptosystem
R. Ali (2018)
10.1016/J.SYSARC.2020.101883
A Survey on Security and Authentication in Wireless Body Area Networks
Bhawna Narwal (2020)
Semantic Scholar Logo Some data provided by SemanticScholar