Further Improvement on An Efficient and Secure Three-factor Based Authenticated Key Exchange Scheme Using Elliptic Curve Cryptosystems

Nowadays users can access various online services and resources from distributed information systems remotely via Internet or other public networks. However, remote online systems are vulnerable to many security attacks due to they are built on public networks. Therefore it is necessary to design an authentication scheme for securing network communications between a login user and a remote server. In 2016, Han et al. proposed a secure three-factor authentication scheme based on elliptic curve cryptography (ECC) to achieve this goal. Unfortunately, we analyzed Han et al.'s scheme and demonstrated that their authentication scheme cannot satisfactory to be implemented in practice because it fails to ensure the property of unlinkability between the login user and the remote server and is unable to withstand account duplication attack. In this paper, we suggest an enhanced anonymous authentication scheme to repair the security flaws in Han et al.'s scheme. We give the security analysis and performance evaluation to demonstrate that the proposed scheme not only resists the aforementioned security weaknesses on Han et al.'s scheme but also inherits the functionality merits and performance efficiencies of their authentication scheme.