Open Access
2014 Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography
Lili Wang
J. Appl. Math. 2014(SI07): 1-11 (2014). DOI: 10.1155/2014/247836

Abstract

Recently, a password authentication and update scheme has been presented by Islam and Biswas to remove the security weaknesses in Lin and Huang’s scheme. Unfortunately, He et al., Wang et al., and Li have found out that Islam and Biswas’ improvement was vulnerable to offline password guessing attack, stolen verifier attack, privilege insider attack, and denial of service attack. In this paper, we further analyze Islam and Biswas’ scheme and demonstrate that their scheme cannot resist password compromise impersonation attack. In order to remedy the weaknesses mentioned above, we propose an improved anonymous remote authentication scheme using smart card without using bilinear paring computation. In addition, the verifier tables are no longer existent, and the privacy of users could be protected better. Furthermore, our proposal not only inherits the advantages in Islam and Biswas’ scheme, but also provides more features, including preserving user anonymity, supporting offline password change, revocation, reregistration with the same identifier, and system update. Finally, we compare our enhancement with related works to illustrate that the improvement is more secure and robust, while maintaining low performance cost.

Citation

Download Citation

Lili Wang. "Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography." J. Appl. Math. 2014 (SI07) 1 - 11, 2014. https://doi.org/10.1155/2014/247836

Information

Published: 2014
First available in Project Euclid: 1 October 2014

zbMATH: 07131441
Digital Object Identifier: 10.1155/2014/247836

Rights: Copyright © 2014 Hindawi

Vol.2014 • No. SI07 • 2014
Back to Top