Weaknesses and Improvements of Yang-Chang-Hwang's Password Authentication Scheme
نویسندگان
چکیده
In 2001, Tseng, Jan, and Chien proposed an improved version of Peyravian–Zunic’s password authentication scheme based on the Diffie–Hellman scheme. Later, Yang, Chang, and Hwang demonstrated that Tseng–Jan–Chien’s scheme is vulnerable to a modification attack, and then described an improved scheme. In this paper, we show that Yang–Chang–Hwang’s scheme is still vulnerable to a denial-of-service attack and a stolen-verifier attack. In addition, we also propose an improved scheme with better security.
منابع مشابه
Security Analysis and Improvements of a Password-Based Mutual Authentication Scheme with Session Key Agreement
Password-based authentication schemes have been widely adopted to protect resources from unauthorized access. In 2008, Chang-Lee proposed a friendly password-based mutual authentication scheme to avoid the security weaknesses of Wu-Chieu’s scheme. In this paper, we demonstrate that Chang-Lee’s scheme is vulnerable to user impersonation attack, server masquerading attack, password guessing attac...
متن کاملCryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme
Recently, Das, Saxena and Gulati proposed a dynamic Id based remote user authentication scheme that allows the users to choose and change their passwords freely and does not maintain verifier table. But their scheme has few weaknesses and cannot achieve mutual authentication. In 2005, Liao, Lee and Hwang showed that Das et al. scheme is vulnerable to guessing attack and proposed an enhanced sch...
متن کاملSecurity Weaknesses and Improvements of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards
Abstract Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2006, Khan et al.[12] proposed an improved fingerprint-based remote user authentication scheme using smart cards that is achieved mutual authentication between the user and the server, while eliminating the drawback of Lee...
متن کاملComments on Yeh-Shen-Hwang's One-Time Password Authentication Scheme
The S/Key one-time password scheme is designed to counter replay attacks or eavesdropping attacks [2], [3]. With this scheme, the user’s secret pass-phrase never needs to cross the network at any time such as during authentication or during pass-phrase changes. Moreover, no secret information need be stored on any system, including the server being protected. Although the S/KEY scheme thus prot...
متن کاملTwo - factor Authentication Schemes Based Smart Card and Password with User Anonymity ⋆
Two-factor anonymous authentication using password and smart card could preserve user privacy and reduce the risk than the use of a single authentication factor. Recently, Chang et al. pointed some security weaknesses in Wang et al.’s anonymous authentication scheme and proposed enhanced scheme. They claimed that their scheme provides desired security properties. However, we show that Chang et ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Informatica, Lith. Acad. Sci.
دوره 16 شماره
صفحات -
تاریخ انتشار 2005