Recently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low-earth-orbit satellite communication systems.However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well-known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience. KEYWORDS authentication, elliptic curve cryptography, satellite communication, smart card 1 | INTRODUCTION Low-earth-orbit satellite (LEOs) communication systems have aroused much attention nowadays due to their advantages to overcome the geographic and environmental limitations. Generally, a typical LEOs communication system is made up of the network control center (NCC), gateways, LEOs, and mobile devices/users, as briefly shown in Figure 1. In the LEOs communication systems, LEOs is mainly responsible for achieving wireless communication between mobile users and gateways by forwarding the communication messages between them. As we all known, wireless channel is open and easy to suffer from various malicious attacks. So, it is necessary and vital to make significant efforts to enhance the security of the LEOs communication systems.Authentication with key agreement protocol as a widely used security mechanism has been applied in many settings, such as wireless body area networks, 2 global mobility networks in smart city, 3 and internet of things (IoT). 4-7 Among them, Porambage et al 5 made use of the implicit certificate 8 to design a 2-phase authentication protocol for wireless sensor networks in distributed IoT applications, and Turkanovi c et al 6 designed an authentication with key agreement protocol for wireless sensor networks based on IoT notion. However, these 2 schemes have been shown in the literature 7 to suffer several attacks respectively. To be specific, the scheme 5 cannot provide user anonymity or defend against the user impersonation, denial of service, replay, man-in-the-middle, and privileged-insider attacks, and the scheme 6 cannot resist the offline password guessing, user impersonation, and privileged-insider attacks.To secure the communication over the LEOs communication systems, Cruickshank 9 first came up with an authentication scheme in 1996, and since then, numerous authentication schemes 1,10-17 for LEOs communication schemes have been presented, having their own advantages and disadvantages. In 2013, Hwang et al 10 put forward an authentication scheme for satellite communication systems, ...