Attacks and Solutions of Yang et al.'s Protected Password Changing Scheme
نویسندگان
چکیده
Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.’s protected password changing scheme and the existing password change schemes using server’s public key, the proposed scheme can securely update user passwords without a complicated process and server’s public key.
منابع مشابه
Security of Improvement on Methods for Protecting Password Transmission
Recently, Tseng et al. proposed an improvement on Peyravian and Zunic’s protected password transmission scheme and protected changing scheme to remove some security flaws. However, as we will point out in this paper, any adversary can intercept the request for changing the password sent by a legal user and modify it with a wrong password. Furthermore, we shall also propose an improved version o...
متن کاملSecure and Efficient Smart Card Based Remote User Password Authentication Scheme
In distributed systems, the smart card based password authentication, as one of the most convenient and efficient two-factor authentication mechanisms, is widely used to ensure that the protected services are not available to unauthorized users. Recently, Li et al. demonstrated that the smart card based password authentication scheme proposed by Chen et al. cannot provide perfect forward secrec...
متن کاملAn Improved Efficient Remote Password Authentication Scheme with Smart Card over Insecure Networks
In 2006, Liao et al. proposed a scheme over insecure networks. In 2006, Yoon-Yoo, and in 2008, Xiang et al. analyzed Liao et al.’s scheme and both of them pointed out, more or less, same vulnerabilities: like offline password guessing attack, impersonating the server by replay attack, denial of service attack on password changing and insider attack on it. But none of them suggested any solution...
متن کاملCryptanalysis of Timestamp-Based Password Authentication Schemes Using Smart Cards
Password authentication is an important mechanism for remote login systems, where only authorized users can be authenticated via using their passwords and/or some similar secrets. In 1999, Yang and Shieh [14] proposed two password authentication schemes using smart cards. Their schemes are not only very efficient, but also allow users to change their passwords freely and the server has no need ...
متن کاملAttacks on the Shen et al.'s Timestamp-Based Password Authentication Scheme Using Smart Cards
In 2003, Shen et al. proposed an improvement on YangShieh’s timestamp-based password authentication scheme using smart cards. Then they claimed that their scheme cannot withstand a forged login attack, but also eliminate a problem of Yang-Shieh’s. However, their scheme is still susceptible to forged login attack. In this letter, we show how the forged login attack can be worked out on Shen et a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Informatica, Lith. Acad. Sci.
دوره 16 شماره
صفحات -
تاریخ انتشار 2005