A Robust and Efficient Remote Authentication Scheme from Elliptic Curve Cryptosystem
Recently, a two-factor authenticated key agreement scheme for session initiation protocol is published by Lu et al. in Multimedia Tools and Applications [doi:10.1007/s11042-015-3166-4]. I have examined this scheme and found some design flaws in it. Due to flaw in registration phase, the scheme is vulnerable to guessing attacks. However, flaws during key agreement phase hinder the functionality of the scheme in such a way that mutual authentication process between the user and the server is not viable.