A security enhanced password authentication and update scheme based on elliptic curve cryptography Online publication date: Wed, 30-Jul-2014
by Pengshuai Qiao; Hang Tu
International Journal of Electronic Security and Digital Forensics (IJESDF), Vol. 6, No. 2, 2014
Abstract: As two fundamental requirements to ensure secure communications over an insecure public network channel, password authentication and update of password have received considerable attention. To satisfy the above two requirements, Islam and Biswas (2013) proposed a password authentication and update scheme based on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. Unfortunately, He et al. (2012) found Islam and Biswas' scheme is still vulnerable to offline password guessing attack and stolen-verifier attack. In this paper, a security enhanced scheme is developed to eliminate the identified weaknesses. The analysis shows that our scheme not only overcomes the security vulnerability in Islam et al.'s scheme, but also has better performance than their scheme. Then our scheme is more suitable for practical applications.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Electronic Security and Digital Forensics (IJESDF):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com