To ensure the security and reliability of communication in the smart grid, more and more authentication protocols have been applied in the communication process. For the authentication protocol proposed by Mahmood et al. (MAHMOOD K, CHAUDHRY S A, NAQVI H, et al. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Generation Computer Systems. 2018,81:557-565), some defects were pointed out. For example, this protocol can be easily attacked by internal privileged personnel, is lack of password replacement phase and unfriendly to users, in which unique username cannot be guaranteed, even a formula error exists. To improve this protocol, an authentication protocol based on elliptic curve was proposed. Firstly, a login phase between the user and the device was added in the improved protocol. Secondly, elliptic curve cryptography puzzle was used to realize information exchange. Finally, the password replacement phase was added. Through the formal analysis by BAN (Burrows-Abadi-Needha) logic, the improved protocol is safe and feasible, which can resist internal personnel attacks, has password replacement and unique username, and is more friendly to users.

In the open network environment, identity authentication is an important means to ensure information security. Aiming at the authentication protocol proposed by Li, et al (LI X, WU F, KHAN M K, et al. A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems, 2017, 84:149-159.), some security defects were pointed out, such as user impersonation attacks and denial service attacks. In order to overcome those vulnerabilities, a new protocol scheme with multi-factor was proposed. In this protocol, extended chaotic mapping was adopted, dynamic identity was used to protect user anonymity, and three-way handshake was used to achieve asynchronous authentication. Security analysis result shows that the new protocol can resist impersonation attacks and denial service attacks and protect user anonymity and unique identity.