
An Improvement on Strong-Password Authentication Protocols

  • Conference paper
Embedded Software and Systems (ICESS 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3820)


Abstract

Password authentication schemes can be divided into two types: one relies on an easy-to-remember password, and the other requires a strong password. In 2000, Sandirigama et al. proposed a simple and secure password authentication protocol (SAS). Then, in 2001, Lin et al. showed that SAS suffers from two weaknesses and proposed an improvement (OSPA). However, Chen and Ku pointed out that both SAS and OSPA are vulnerable to the stolen-verifier attack. We also find that these two protocols lack the property of mutual authentication. Hence, in this paper we propose an improvement of SAS and OSPA that defends against the stolen-verifier attack and provides mutual authentication.


References

  • Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks. In: Proceedings of IEEE Symposium on Research in Security and Privacy, Oakland, California, May 1992, pp. 72–84 (1992)


  • Bellovin, S., Merritt, M.: Augmented Encrypted Key Exchange: A Password-based Protocol Secure against Dictionary Attacks and Password-file Compromise. In: Proceedings of 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, November 1993, pp. 244–250 (1993)


  • Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password Authentication Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)


  • Chen, C.M., Ku, W.C.: Stolen-verifier Attack on Two New Strong-password Authentication Protocol. In: IEICE Transactions on Communications, November 2002, vol. E85-B(11), pp. 2519–2521 (2002)


  • Haller, N.: The S/KEY One-time Password System. In: Proceedings of Internet Society Symposium on Network and Distributed System Security, San Diego, California, February 1994, pp. 151–158 (1994)


  • Jablon, D.: Strong Password-only Authenticated Key Exchange. ACM Computer Communication Review 26(5), 5–26 (1996)


  • Jablon, D.: B-SPEKE. Integrity Science White Paper (September 1999)


  • Kwon, T.: Ultimate Solution to Authentication via Memorable Password. A Proposal for IEEE P13631: Password-based Authentication (May 2000)


  • Kwon, T.: Authentication and Key Agreement via Memorable Password. In: Proceedings on NDSS 2001 Symposium Conference, February 2001, San Diego, California (2001)


  • Lamport, L.: Password Authentication with Insecure Communication. Communications of ACM 24(11), 770–772 (1981)


  • Lin, C.L., Sun, H.M., Steiner, M., Hwang, T.: Attacks and Solutions on Strong-password Authentication. IEICE Transactions on Communications E84-B(9), 2622–2627 (2001)


  • Lomas, M., Gong, L., Saltzer, J., Needham, R.: Reducing Risks from Poorly Chosen Key. In: Proceedings of the 12th ACM Symposium on Operating Systems Principles, Litchfield Park, Arizona, December 1989, pp. 14–18 (1989)


  • Sandirigama, M., Shimizu, A., Noda, M.T.: Simple and Secure Password Authentication Protocol (SAS). IEICE Transactions on Communications E83-B(6), 1363–1365 (2000)


  • Shimizu, A.: A Dynamic Password Authentication Method by One-way Function. IEICE Transactions on Information and Systems 73-D-I(7), 630–636 (1990)


  • Shimizu, A.: A Dynamic Password Authentication Method by One-way Function. System and Computers in Japan 22(7) (1991)


  • Shimizu, A., Horioka, T., Inagaki, H.: A Password Authentication Method for Contents Communication on the Internet. IEICE Transactions on Communications E81-B(8), 1666–1763 (1998)


  • Wu, T.: The Secure Remote Password Protocol. In: Proceedings of Internet Society Symposium on Network and Distributed System Security, San Diego, California, March 1999, pp. 97–111 (1999)


  • Yi, X., Tan, C.H., Siew, C.K., Syed, M.R.: ID-based Key Agreement for Multimedia Encryption. IEEE Transactions on Consumer Electronics 48(2), 298–303 (2002)



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chang, YF., Chang, CC. (2005). An Improvement on Strong-Password Authentication Protocols. In: Yang, L.T., Zhou, X., Zhao, W., Wu, Z., Zhu, Y., Lin, M. (eds) Embedded Software and Systems. ICESS 2005. Lecture Notes in Computer Science, vol 3820. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599555_60


  • DOI: https://doi.org/10.1007/11599555_60

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30881-2

  • Online ISBN: 978-3-540-32297-9

  • eBook Packages: Computer Science, Computer Science (R0)
