Note on 'Design of improved password authentication and update scheme based on elliptic curve cryptography'

Secured password authentication and update of passwords are two essential requirements for remote login over unreliable networks. In this paper, an elliptic curve cryptography (ECC) based technique has been proposed that not only satisfies the above two requirements, but also provides additional security requirements that are not available in some schemes proposed so far. For instances, the Peyravian and Zunic’s scheme does not provide the protection against the password guessing attack, server spoofing attack and data eavesdropping attack. Although somemodifications to remove these attacks have been proposed by Hwang and Yeh, Lee et al., it has been found that some attacks like replay attack, server spoofing attack, data eavesdropping attack, etc. are still possible. Subsequently, Hwang and Yeh’s scheme is further improved by Lin and Hwang, which has been analyzed in this paper and certain security flaws have been identified. We have attempted to remove these security flaws and proposed an ECC-based scheme that in addition to the secured password authentication and password update, it protects several related attacks efficiently. As a proof of our claim, the detailed security analysis of the proposed scheme against the attacks has been given. One advantage of the proposed scheme is that it generates an ECC-based common secret key that canbeused for symmetric encryption, which requires lesser processing time than the time required in the public key encryption-based techniques. © 2011 Elsevier Ltd. All rights reserved.