Security analysis and design of an efficient ECC-based two-factor password authentication scheme

Client-server-based communications provide a facility by which users can get several services from home via the Internet. As the Internet is an insecure channel, it is needed to protect information of communicators. An authentication scheme can fulfill the aforementioned requirements. Recently, Huang et al. presented an elliptic curve cryptosystem-based password authentication scheme. This work has demonstrated that the scheme of Huang et al. has security weakness against the forgery attack. In addition, this paper also presented that the scheme of Huang et al. has some design drawbacks. Therefore, this paper has focused on excluding the security vulnerabilities of the scheme of Huang et al. by proposing an elliptic curve cryptosystem-based password authentication scheme using smart card. The security of our scheme is based on the hardness assumption of the one-way hash functions and elliptic curve discrete logarithm problem. Furthermore, we have demonstrated that our scheme is secured against known attacks. The performance of our scheme is also nearly equal when compared to related competing schemes. Copyright (C) 2016 John Wiley & Sons, Ltd.