A Secure Strong-Password Authentication Protocol

• Autorzy: Wu H.-C. , Hwang M.-S. , Liu C.-H.
• Języki publikacji: EN

Abstrakty

EN

Password authentication, which is widely used for authenticated method, also is important protocol by requiring a username and password before being allowed access to resources. In 2001, Lin et al. proposed the optimal strong-password authentication protocol, called (OSPA) which is a one-time password method by verifying with the different verifier every time for affirming its identity. However, Chen-Ku and Tsuji-Shimizu pointed respectively out that OSPA is vulnerable to the stolen-verifier attack and impersonation attack. In this paper, we shall propose the improved protocol secure against the known attacks to enhance the security

Słowa kluczowe

EN

authentication; cryptography; hash function; password

• Wydawca: IOS Press
• Czasopismo: Fundamenta Informaticae
• Rocznik: 2005
• Tom: Vol. 68, nr 4
• Strony: 399--406
• Opis fizyczny: Bibliogr. 16 poz., tab.

Twórcy

autor

Wu H.-C.

• Department of Information Management, NationalTaichung Institute of Technology, 129 Sec. 3.San-min RD., Taichung, Taiwan 404, R.O.C.

autor

Hwang M.-S.

• Department of Management Information Systems, National Chung Hsing University, 250 Kuo Kuang Road, Taichung, Taiwan 402, R.O.C.

autor

Liu C.-H.

• Graduate Institute of Networking and Communication Engineering, Chao Yang University of Technology, 168 Gifeng E. Rd., Wufeng, Taichung County, Taiwan 413, R.O.C.

Bibliografia

• [1] Ya-Fen Chang and Chin-Chen Chang, "A secure and efficient strong-password authentication protocol”, ACM Operating Systems Review, vol. 38, no. 3, pp. 79-90, 2004.
• [2] Chien-Ming Chen and Wei-Chi Ku “Stolen-verifier attack on two new strong-password authentication protocols", IEICE Transactions on Communications, vol. E85-B, pp. 2519-2521, November 2002.
• [3] Song-Kong Chong, Hsien-ChuWu, and Chia-ChunWu, “A scheme for key management on alternate temporal key hash”, International Journal of Network Security, vol. 1, no. 1, pp. 8-13, 2005.
• [4] Min-Shiang Hwang, Cheng-Chi Lee, and Yuan-Liang Tang, “An improvement of SPLICE/AS in WIDE against guessing attack”, International Journal of Informatica, vol. 12, no. 2, pp. 297-302, 2001.
• [5] Min-Shiang Hwang, Cheng-Chi Lee, and Yuan-Liang Tang ,“A simple remote user authentication scheme”, Mathematical and Computer Modelling, vol. 36, pp. 103-107, Oct. 2002.
• [6] L. Lamport, “Password authentication with insecure communication”, Communications of the ACM, vol. 24, pp. 770-772, November 1981.
• [7] Cheng-Chi Lee, “Two attacks on the Wu-Hsu user identification scheme”, International Journal of Network Security, vol. 1, no. 2, pp. 67-68, 2005.
• [8] Li-Hua Li, Iuon-Chung Lin, and Min-Shiang Hwang, “A remote password authentication scheme for multiserver architecture using neural networks”, IEEE Transactions on Neural Networks, vol. 12, no. 6, pp. 1498-1504, 2001.
• [9] C. L. Lin, H.M. Sun, and T. Hwang, “Attacks and solutions on strong-password authentication”, IEICE Transactions on Communications, vol. E84-B, pp. 2622-2627, September 2001.
• [10] Chih-Wei Lin, Jau-Ji Shen, and Min-Shiang Hwang, “Security enhancement for optimal strong-password authentication protocol”, ACM Operating Systems Review, vol. 37, no. 2, pp. 7-12, 2003.
• [11] Iuon-Chung Lin, Min-Shiang Hwang, and Li-Hua Li, “A new remote user authentication scheme for multiserver architecture”, Future Generation Computer Systems, vol. 19, no. 1, pp. 13-22, 2003.
• [12] M. Sandirigama, A. Shimizu, and M. T. Noda, “Simple and secure password authentication protocol (SAS)”, IEICE Transactions on Communications, vol. E83-B, pp. 1363-1365, June 2000.
• [13] Jau-Ji Shen, Chih-Wei Lin, and Min-Shiang Hwang, “A modified remote user authentication scheme using smart cards”, IEEE Transactions on Consumer Electronics, vol. 49, no. 2, pp. 414-416, 2003.
• [14] Takasuke Tsuji and Akihiro Shimizu, “An impersonation attack on one-time password authentication protocol OSPA,” IEICE Transactions on Communications, vol. E86-B, no. 7, pp. 2182-2185, 2003.
• [15] Hsien-Chu Wu and Chi-Yu Liu, “Cryptanalysis of a secure one-time password authentication scheme with low-communication for mobile communications”, International Journal of Network Security, vol. 1, no. 1, pp. 32-34, 2005.
• [16] Cheng-Ying Yang, Cheng-Chi Lee, and Shu-Yin Hsiao, “Man-in-the-middle attack on the authentication of the user from the remote autonomous object”, International Journal of Network Security, vol. 1, no. 1, pp. 22-24, 2005.