Abstract
Password authentication schemes can be divided into two types: those that rely on an easy-to-remember password and those that require a strong password. In 2000, Sandirigama et al. proposed a simple and secure password authentication protocol (SAS). Lin et al. then showed that SAS suffers from two weaknesses and proposed an improvement (OSPA) in 2001. However, Chen and Ku pointed out that both SAS and OSPA are vulnerable to the stolen-verifier attack. We also find that these two protocols lack the property of mutual authentication. Hence, in this paper we propose an improvement of SAS and OSPA that defends against the stolen-verifier attack and provides mutual authentication.
References
Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks. In: Proceedings of IEEE Symposium on Research in Security and Privacy, Oakland, California, May 1992, pp. 72–84 (1992)
Bellovin, S., Merritt, M.: Augmented Encrypted Key Exchange: A Password-based Protocol Secure against Dictionary Attacks and Password-file Compromise. In: Proceedings of 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, November 1993, pp. 244–250 (1993)
Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password Authentication Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Chen, C.M., Ku, W.C.: Stolen-verifier Attack on Two New Strong-password Authentication Protocol. In: IEICE Transactions on Communications, November 2002, vol. E85-B(11), pp. 2519–2521 (2002)
Haller, N.: The S/KEY One-time Password System. In: Proceedings of Internet Society Symposium on Network and Distributed System Security, San Diego, California, February 1994, pp. 151–158 (1994)
Jablon, D.: Strong Password-only Authenticated Key Exchange. ACM Computer Communication Review 26(5), 5–26 (1996)
Jablon, D.: B-SPEKE. Integrity Science White Paper (September 1999)
Kwon, T.: Ultimate Solution to Authentication via Memorable Password. A Proposal for IEEE P13631: Password-based Authentication (May 2000)
Kwon, T.: Authentication and Key Agreement via Memorable Password. In: Proceedings on NDSS 2001 Symposium Conference, February 2001, San Diego, California (2001)
Lamport, L.: Password Authentication with Insecure Communication. Communications of ACM 24(11), 770–772 (1981)
Lin, C.L., Sun, H.M., Steiner, M., Hwang, T.: Attacks and Solutions on Strong-password Authentication. IEICE Transactions on Communications E84-B(9), 2622–2627 (2001)
Lomas, M., Gong, L., Saltzer, J., Needham, R.: Reducing Risks from Poorly Chosen Key. In: Proceedings of the 12th ACM Symposium on Operating Systems Principles, Litchfield Park, Arizona, December 1989, pp. 14–18 (1989)
Sandirigama, M., Shimizu, A., Noda, M.T.: Simple and Secure Password Authentication Protocol (SAS). IEICE Transactions on Communications E83-B(6), 1363–1365 (2000)
Shimizu, A.: A Dynamic Password Authentication Method by One-way Function. IEICE Transactions on Information and Systems 73-D-I(7), 630–636 (1990)
Shimizu, A.: A Dynamic Password Authentication Method by One-way Function. System and Computers in Japan 22(7) (1991)
Shimizu, A., Horioka, T., Inagaki, H.: A Password Authentication Method for Contents Communication on the Internet. IEICE Transactions on Communications E81-B(8), 1666–1763 (1998)
Wu, T.: The Secure Remote Password Protocol. In: Proceedings of Internet Society Symposium on Network and Distributed System Security, San Diego, California, March 1999, pp. 97–111 (1999)
Yi, X., Tan, C.H., Siew, C.K., Syed, M.R.: ID-based Key Agreement for Multimedia Encryption. IEEE Transactions on Consumer Electronics 48(2), 298–303 (2002)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chang, YF., Chang, CC. (2005). An Improvement on Strong-Password Authentication Protocols. In: Yang, L.T., Zhou, X., Zhao, W., Wu, Z., Zhu, Y., Lin, M. (eds) Embedded Software and Systems. ICESS 2005. Lecture Notes in Computer Science, vol 3820. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599555_60
DOI: https://doi.org/10.1007/11599555_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30881-2
Online ISBN: 978-3-540-32297-9
eBook Packages: Computer Science, Computer Science (R0)