Skip to main content
SpringerLink
Log in

Weaknesses and Improvements of Kuo-Lee’s One-Time Password Authentication Scheme

  • Conference paper
Communication and Networking (FGCN 2009)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 56))

  • 1199 Accesses

Abstract

Authentication of communicating entities and confidentiality of transmitted data are fundamental procedures to establish secure communications over public insecure networks. Recently, many researchers proposed a variety of authentication schemes to confirm legitimate users. Among the authentication schemes, a one-time password authentication scheme requires less computation and considers the limitations of mobile devices. The purpose of a one-time password authentication is to make it more difficult to gain unauthorized access to restricted resources.This paper discusses the security of Kuo-Lee’s one-time password authentication scheme. Kuo-Lee proposed to solve the security problem based on Tsuji-Shimizu’s one-time password authentication scheme. It was claimed that their proposed scheme could withstand a replay attack, a theft attack and a modification attack. Therefore, the attacker cannot successfully impersonate the user to log into the system. However, contrary to the claim, Kuo-Lee’s scheme does not achieve its main security goal to authenticate communicating entities. We show that Kuo-Lee’s scheme is still insecure under a modification attack, a replay attack and an impersonation attack, in which any attacker can violate the authentication goal of the scheme without intercepting any transmitted message. We also propose a scheme that resolves the security flaws found in Kuo-Lee’s scheme.

This work was supported by the Ministry of Knowledge Economy, Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Advancement) (IITA-2009-(C1090-0902-0016)) and the Defense Acquisition Program Administration and Agency for Defense Development under the contract UD070054AD.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

    Article  MathSciNet  Google Scholar 

  2. Shimizu, A.: A dynamic password authentication method by oneway function. System and Computers in Japan 22(7), 32–40 (1991)

    Article  Google Scholar 

  3. Haller, N.M.: The S/KEY (TM) one-time password system. In: Proc. Internet Society Symposium on Network and Distributed System Security, February 1994, pp. 151–158 (1994)

    Google Scholar 

  4. Shimizu, A., Horioka, T., Inagaki, H.: A password authentication method for contents communication on the Internet. IEICE Trans. Commun. E81-B(8), 1666–1673 (1998)

    Google Scholar 

  5. Sandirigama, M., Shimizu, A., Noda, M.T.: Simple and Secure password authentication protocol (SAS). IEICE Trans. Commun. E83-B(6), 1363–1365 (2000)

    Google Scholar 

  6. Lin, C.L., Sun, H.M., Hwang, T.: Attack and solutions on strong-password authentication. IEICE Trans. Commun. E84-B(9), 2622–2627 (2001)

    Google Scholar 

  7. Tsuji, T., Kamioka, T., Shimizu, A.: Simple and Secure password authentication protocol, ver.2 (SAS-2), IEICE Technical Report, OIS 2002–30 (September 2002)

    Google Scholar 

  8. Chien, H.Y., Jan, J.K.: Robust and simple authentication protocol. Comput. J. 46(2), 193–201 (2003)

    Article  MATH  Google Scholar 

  9. Tsuji, T., Shimizu, A.: One-time password authentication protocol against theft attacks. IEICE Trans. on Commun. E87-B(3), 523–529 (2004)

    Google Scholar 

  10. Lin, C.L., Hung, C.P.: One-Time password authentication protocol against theft attacks. IEICE Trans. on Commun. E89-B(12), 3425–3427 (2006)

    Article  Google Scholar 

  11. Kuo, W.C., Lee, Y.C.: Attack and improvement on the one-time password authentication protocol against theft attacks. In: Proc. of the Sixth International Conference on Machine Learning and Cybernetics, Hong Kong, August 2007, pp. 19–22 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Information and Communication Engineering, Sungkyunkwan University, Suwon, 440-746, Republic of Korea

    Mijin Kim, Byunghee Lee, Seungjoo Kim & Dongho Won

Authors
  1. Mijin Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Byunghee Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Seungjoo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Warsaw & Infobright Inc., Poland

    Dominik Ślęzak

  2. Hannam University, 306-791, Daejeon, South Korea

    Tai-hoon Kim

  3. National Chung Cheng University, Chiayi County, Taiwan

    Alan Chin-Chen Chang

  4. University of Western Macedonia, West Macedonia, Greece

    Thanos Vasilakos

  5. Tianjin University, China

    MingChu Li

  6. Faculty of Information Science and Electrical Engineering, Kyushu University, 6-10-1 Hakozaki, 812-8581, Fukuoka, Japan

    Kouichi Sakurai

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, M., Lee, B., Kim, S., Won, D. (2009). Weaknesses and Improvements of Kuo-Lee’s One-Time Password Authentication Scheme. In: Ślęzak, D., Kim, Th., Chang, A.CC., Vasilakos, T., Li, M., Sakurai, K. (eds) Communication and Networking. FGCN 2009. Communications in Computer and Information Science, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10844-0_49

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10844-0_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10843-3

  • Online ISBN: 978-3-642-10844-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation