Verifier Based Prevention for an Offline Password Guessing Attack Using ECC

In remote server system, user authentication is an essential requirement. To verify the authenticity of the remote users over insure channel, various authentication methods have been proposed so far. The use of passwords for user authentication is very simple and commonly used method. The password selected by clients may be simple and easy to remember. Hence, it is responsibility of password authentication schemes to securely exchange password related information between server and client over insecure channel. Many password authentication schemes have been published but found susceptible to various attacks. ECC based existing password authentication scheme provides different features and efficient in some way. But it is found that the existing password authentication scheme is vulnerable to offline password guessing attack, stolen verifier attack and denial of service attack. The proposed password authentication scheme is based on ECC and password verifier. ECC is a public key cryptography system better than RSA cryptography because with the same key size, it gives a higher security level than RSA. Proposed scheme allows the client and server to select two random numbers independently and perform computations without exchanging them. Hence the attacker cant guess password from dictionary as he or she is unaware of random numbers selected by the client and server. Proposed password authentication scheme provides prevention scheme for an offline password guessing attack based on ECC. It also helps to securely share id based secret key between client and server.