Comments on Yeh-Shen-Hwang's One-Time Password Authentication Scheme

The S/Key one-time password scheme is designed to counter replay attacks or eavesdropping attacks [2], [3]. With this scheme, the user’s secret pass-phrase never needs to cross the network at any time such as during authentication or during pass-phrase changes. Moreover, no secret information need be stored on any system, including the server being protected. Although the S/KEY scheme thus protects against passive attacks based on replaying captured reusable passwords, it is vulnerable to server spoofing attacks, preplay attacks and off-line dictionary attacks [1], [4], [5]. Recently, Yeh, Shen and Hwang proposed a one-time password authentication scheme, which enhances the S/KEY scheme to resist against the above attacks [1]. The authentication scheme uses smart cards to securely preserve a pre-shared secret S EED and simplify the user login process. In addition, it provides a session key to enable confidential communication over the network. Although their scheme can overcome the flaws of the S/KEY scheme as they claimed, we discover that it is vulnerable to other attacks such as denial of service attacks, stolen-verifier attacks and Denning-Sacco attacks [5]–[7]. Because the scheme uses a pre-shared secret S EED and the user’s weak pass-phrase, the leakage of S EED causes the scheme to retain the flaws of the S/KEY scheme. In this letter, the weaknesses and inconveniences of Yeh-Shen-Hwang’s scheme are demonstrated.