Int. J. of Electronic Security and Digital Forensics   »   2014 Vol.6, No.2



Title: A security enhanced password authentication and update scheme based on elliptic curve cryptography


Authors: Pengshuai Qiao; Hang Tu


North China University of Water Resources and Electric Power, Zhengzhou, 450045, China
School of Computer, Wuhan University, Wuhan, 430072, China


Abstract: As two fundamental requirements to ensure secure communications over an insecure public network channel, password authentication and update of password have received considerable attention. To satisfy the above two requirements, Islam and Biswas (2013) proposed a password authentication and update scheme based on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. Unfortunately, He et al. (2012) found Islam and Biswas' scheme is still vulnerable to offline password guessing attack and stolen-verifier attack. In this paper, a security enhanced scheme is developed to eliminate the identified weaknesses. The analysis shows that our scheme not only overcomes the security vulnerability in Islam et al.'s scheme, but also has better performance than their scheme. Then our scheme is more suitable for practical applications.


Keywords: password authentication; elliptic curve cryptography; ECC; offline password guessing attacks; stolen-verifier attacks; network security; update schemes; secure communications; public networks.


DOI: 10.1504/IJESDF.2014.063109


Int. J. of Electronic Security and Digital Forensics, 2014 Vol.6, No.2, pp.130 - 139


Submission date: 17 Oct 2013
Date of acceptance: 04 Feb 2014
Available online: 02 Jul 2014



Editors Full text accessAccess for SubscribersPurchase this articleComment on this article