Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography
Recently, a password authentication and update scheme has been presented by Islam and Biswas to remove the security weaknesses in Lin and Huang’s scheme. Unfortunately, He et al., Wang et al., and Li have found out that Islam and Biswas’ improvement was vulnerable to offline password guessing attack...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2014-01-01
|
| Series: | Journal of Applied Mathematics |
| Online Access: | http://dx.doi.org/10.1155/2014/247836 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832558200077942784 |
|---|---|
| author | Lili Wang |
| author_facet | Lili Wang |
| author_sort | Lili Wang |
| collection | DOAJ |
| description | Recently, a password authentication and update scheme has been presented by Islam and Biswas to remove the security weaknesses in Lin and Huang’s scheme. Unfortunately, He et al., Wang et al., and Li have found out that Islam and Biswas’ improvement was vulnerable to offline password guessing attack, stolen verifier attack, privilege insider attack, and denial of service attack. In this paper, we further analyze Islam and Biswas’ scheme and demonstrate that their scheme cannot resist password compromise impersonation attack. In order to remedy the weaknesses mentioned above, we propose an improved anonymous remote authentication scheme using smart card without using bilinear paring computation. In addition, the verifier tables are no longer existent, and the privacy of users could be protected better. Furthermore, our proposal not only inherits the advantages in Islam and Biswas’ scheme, but also provides more features, including preserving user anonymity, supporting offline password change, revocation, reregistration with the same identifier, and system update. Finally, we compare our enhancement with related works to illustrate that the improvement is more secure and robust, while maintaining low performance cost. |
| format | Article |
| id | doaj-art-ba8c6926cde54e808a72350b4da22678 |
| institution | Kabale University |
| issn | 1110-757X 1687-0042 |
| language | English |
| publishDate | 2014-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | Journal of Applied Mathematics |
| spelling | doaj-art-ba8c6926cde54e808a72350b4da226782025-02-03T01:33:03ZengWileyJournal of Applied Mathematics1110-757X1687-00422014-01-01201410.1155/2014/247836247836Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve CryptographyLili Wang0Department of Computer Science, Dezhou University, Dezhou 253023, ChinaRecently, a password authentication and update scheme has been presented by Islam and Biswas to remove the security weaknesses in Lin and Huang’s scheme. Unfortunately, He et al., Wang et al., and Li have found out that Islam and Biswas’ improvement was vulnerable to offline password guessing attack, stolen verifier attack, privilege insider attack, and denial of service attack. In this paper, we further analyze Islam and Biswas’ scheme and demonstrate that their scheme cannot resist password compromise impersonation attack. In order to remedy the weaknesses mentioned above, we propose an improved anonymous remote authentication scheme using smart card without using bilinear paring computation. In addition, the verifier tables are no longer existent, and the privacy of users could be protected better. Furthermore, our proposal not only inherits the advantages in Islam and Biswas’ scheme, but also provides more features, including preserving user anonymity, supporting offline password change, revocation, reregistration with the same identifier, and system update. Finally, we compare our enhancement with related works to illustrate that the improvement is more secure and robust, while maintaining low performance cost.http://dx.doi.org/10.1155/2014/247836 |
| spellingShingle | Lili Wang Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography Journal of Applied Mathematics |
| title | Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography |
| title_full | Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography |
| title_fullStr | Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography |
| title_full_unstemmed | Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography |
| title_short | Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography |
| title_sort | analysis and enhancement of a password authentication and update scheme based on elliptic curve cryptography |
| url | http://dx.doi.org/10.1155/2014/247836 |
| work_keys_str_mv | AT liliwang analysisandenhancementofapasswordauthenticationandupdateschemebasedonellipticcurvecryptography |