Recently, Aydos et al. proposed an ECC-based wireless authentication protocol. Because their protocol is based on ECC, the protocol has significant advantage including lower computational burden, lower communication bandwidth and storage requirements. However, Mangipudi et al showed that the protocol is vulnerable to the man-inthe-middle attack from the attacker within the system and proposed a user authentication protocol to prevent the attack. This paper further shows that Aydos et al.’s protocol is vulnerable to man-in-the-middle attack from any attacker not restricted on the inside attacker. Then, a forging certificate attack on Mangipudi et al’s protocol is presented. Next, the reasons that Aydos et al’s protocol and Mangipudi et al’s protocol suffer the attacks are analyzed. Finally, we propose a novel ECC-based wireless authentication protocol and analyze the security of our protocol.