In this paper, we cryptanalyze Kim et al.’s scheme and point out several weaknesses in it. An off-line password guessing (dictionary) attack could be effective. Moreover, we demonstrate that there is a mistake in their security analysis. To remedy the weaknesses, we propose a more secure, robust and practical scheme, which is designed for portable devices and based upon the discrete logarithm on elliptic curves. In addition, the expensive synchronized clock system is replaced by a nonce (an ephemeral random number), and the new scheme provides more functions for security and flexibility, including key agreement, password change, secret number update, revocation and DoS resistance. Finally, security analysis shows that our scheme could resist the known common attacks.
Li, Xuelei; Wen, Fengtong; and Cui, Shenjun. "A strong password-based remote mutual authentication with key agreement scheme on elliptic curve cryptosystem for portable devices," Applied Mathematics & Information Sciences: Vol. 06: Iss. 2, Article 6.
Available at: https://digitalcommons.aaru.edu.jo/amis/vol06/iss2/6