Based upon Elliptic Curve Cryptosystem, a simple password user authentication scheme was proposed by Lu et al. for grid computing. In their scheme, Lu et al. not only kept the advantages of Yoon et al.'s scheme, but enhanced the efficiency of mutual authentication and at the same time avoided the stolen-verifier attacks as well. However, their scheme is proven to be unable to resist the off-line password guessing attacks. Apart from that, the problem of people masquerading as a server to communicate with the other users in their scheme is also inevitable. Therefore, an ameliorative password-based authentication scheme is proposed subsequently in this paper to achieve perfect forward secrecy and to resist replay attacks, server spoofing attacks, on-line and off-line password guessing attacks and impersonation attacks. The proposed scheme is shown to be more secure and practical than those previously proposed schemes.
International Journal of Innovative Computing, Information and Control 7(7), pp.1－10-01006