Next Article in Journal
Password-Hashing Status
Previous Article in Journal
Analysis of Entropy in a Hardware-Embedded Delay PUF
Article Menu

Export Article

Open AccessArticle
Cryptography 2017, 1(1), 9;

Cryptanalysis and Improvement of ECC Based Authentication and Key Exchanging Protocols

School of Computing, University of North Florida, Jacksonville, FL 32224, USA
This paper is an extended version of our paper published in CICN 2015: Khatwani, C.; Roy, S. Security Analysis of ECC Based Authentication Protocols. In the Proceedings of the 2015 International Conference on Computational Intelligence and Communication Networks (CICN), Jabalpur, India, 12–14 December 2015; pp. 1167–1172.
Author to whom correspondence should be addressed.
Academic Editor: Kwangjo Kim
Received: 3 April 2017 / Revised: 11 May 2017 / Accepted: 29 May 2017 / Published: 13 June 2017
Full-Text   |   PDF [1124 KB, uploaded 13 June 2017]   |  


Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC-based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities and to enhance them to be more secure against threats. This work demonstrates how currently-used ECC-based protocols are vulnerable to attacks. If protocols are vulnerable, damage could include critical data loss and elevated privacy concerns. The protocols considered in this work differ in their usage of security factors (e.g., passwords, pins and biometrics), encryption and timestamps. The threat model considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and the proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals. View Full-Text
Keywords: elliptic curve cryptography; authentication protocols; key exchanging protocols elliptic curve cryptography; authentication protocols; key exchanging protocols

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Roy, S.; Khatwani, C. Cryptanalysis and Improvement of ECC Based Authentication and Key Exchanging Protocols. Cryptography 2017, 1, 9.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Metrics

Article Access Statistics



[Return to top]
Cryptography EISSN 2410-387X Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top