Security vulnerabilities of a novel remote user authentication scheme using smart card based on ECDLP

Abstract

In 2009, Jena et al. proposed a novel remote user authentication scheme using smart card based on Elliptic Curve Discrete Logarithm Problem (ECDLP) and claimed that the proposed scheme withstands to security threats. This paper analyzes Jena et al.'s scheme and found that the proposed scheme does not support mutual authentication, session key generation phase for secure communication. In addition, in Jena et al.'s scheme, the user is not free to change his password and the login request is insufficient for the remote server to authenticate the legitimacy of a valid remote user over insecure channel. However, in this paper, we show that Jena et al.'s proposed scheme is neither correct nor ideal and also vulnerable to some serious security vulnerabilities. © 2010 Springer-Verlag Berlin Heidelberg.