Nowadays users can access various online services and
resources from distributed information systems remotely via the Internet or
other public networks. However, remote online systems are vulnerable to
many security attacks because they are built on public networks. Therefore,
it is necessary to design an authentication scheme for securing network
communications between a login user and a remote server. In 2016, Han
et al. proposed a secure three-factor authentication scheme based on
elliptic curve cryptography (ECC) to achieve this goal. Unfortunately,
we analyzed Han et al.’s scheme and demonstrated that their authentication
scheme is not satisfactory for practical implementation because
it fails to ensure the property of unlinkability between the login user and
the remote server and is unable to withstand an account duplication attack.
In this paper, we suggest an enhanced anonymous authentication scheme
to repair the security flaws in Han et al.’s scheme. We give a security
analysis and performance evaluation to demonstrate that the proposed
scheme not only overcomes the aforementioned security weaknesses of Han
et al.’s scheme but also inherits the functional merits and performance
efficiency of their authentication scheme.