article

Weaknesses of Yoon-Ryu-Yoo's hash-based password authentication scheme

Authors:

Wei-Chi Ku,

Min-Hung Chiang,

Shen-Tien ChangAuthors Info & Claims

ACM SIGOPS Operating Systems Review, Volume 39, Issue 1

Pages 85 - 89

https://doi.org/10.1145/1044552.1044561

Published: 01 January 2005 Publication History

Get Access

Abstract

In 2000, Peyravian and Zunic proposed an efficient hash-based password authentication scheme that can be easily implemented. Later, Lee, Li, and Hwang demonstrated that Peyravian-Zunic's scheme is vulnerable to an off-line guessing attack, and then proposed an improved version. However, Ku, Chen, and Lee pointed out that their scheme can not resist an off-line guessing attack, a denial-of-service attack, and a stolen-verifier attack. Recently, Yoon, Ryu, and Yoo proposed an improved scheme of Lee-Li-Hwang's scheme. Unfortunately, we find that Yoon-Ryu-Yoo's scheme is still vulnerable to an off-line guessing attack and a stolen-verifier attack. Furthermore, their scheme can not achieve backward secrecy. Herein, we first briefly review Yoon-Ryu-Yoo's scheme and then describe its weaknesses.

References

[1]

C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocols," IEICE Transactions on Communications, vol. E58-B, no. 11, pp. 2519--2521, Nov. 2002.]]

Google Scholar

[2]

J. J. Hwang and T. C. Yeh, "Improvement on Peyravian-Zunic's password authentication schemes," IEICE Transactions on Communications, vol. E85-B, no. 4, pp. 823--825, April 2002.]]

Google Scholar

[3]

W. C. Ku, C. M. Chen, and H. L. Lee, "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme," IEICE Transactions on Communications, vol. E86-B, no. 5, pp. 1682--1684, May 2003.]]

Google Scholar

[4]

W. C. Ku, C. M. Chen, and H. L. Lee, "Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme," ACM Operating Systems Review, vol. 37, no. 4, pp. 19--25, Oct. 2003.]]

Digital Library

Google Scholar

[5]

C. C. Lee, L. H. Li, and M. S. Hwang, "A remote user authentication scheme using hash functions," ACM Operating Systems Review, vol. 36, no. 4, pp. 23--29, Oct. 2002.]]

Digital Library

Google Scholar

[6]

C. L. Lin, H. M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication," IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622--2627, Sept. 2001.]]

Google Scholar

[7]

National Institute of Standards and Technology, "Secure hash standard," FIPS Publication 180-1, April 1995.]]

Google Scholar

[8]

M. Peyravian and N. Zunic, "Methods for protecting password transmission," Computers & Security, vol. 19, no. 5, pp. 466--469, July 2000.]]

Digital Library

Google Scholar

[9]

R. Rivest, "The MD5 message-digest algorithm," RFC 1321, April 1992.]]

Digital Library

Google Scholar

[10]

E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "A secure user authentication scheme using hash functions," ACM Operating Systems Review, vol. 38, no. 2, pp. 62--68, April 2004.]]

Digital Library

Google Scholar

Cited By

View all

Qiao PTu H(2014)A security enhanced password authentication and update scheme based on elliptic curve cryptographyInternational Journal of Electronic Security and Digital Forensics10.1504/IJESDF.2014.0631096:2(130-139)Online publication date: 1-Jul-2014
https://dl.acm.org/doi/10.1504/IJESDF.2014.063109
Hafizul Islam SBiswas G(2013)Design of improved password authentication and update scheme based on elliptic curve cryptographyMathematical and Computer Modelling10.1016/j.mcm.2011.07.00157:11-12(2703-2717)Online publication date: Jun-2013
https://doi.org/10.1016/j.mcm.2011.07.001
He DWu SChen J(2012)Note on ‘Design of improved password authentication and update scheme based on elliptic curve cryptography’Mathematical and Computer Modelling10.1016/j.mcm.2011.10.07955:3-4(1661-1664)Online publication date: Feb-2012
https://doi.org/10.1016/j.mcm.2011.10.079
Show More Cited By

Index Terms

Weaknesses of Yoon-Ryu-Yoo's hash-based password authentication scheme

Recommendations

Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme

Many password authentication schemes employ hash functions as their basic building blocks to achieve better efficiency. In 2000, Peyravian and Zunic proposed a hash-based password authentication scheme that is efficient and can be easily implemented. ...
A secure and efficient strong-password authentication protocol

Password authentication protocols are divided into two types. One employs the easy-to-remember password while the other requires the strong password. In 2001, Lin et al. proposed an optimal strong-password authentication protocol (OSPA) to resist the ...
Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol

In 2001, Lin, Sun, and Hwang proposed a strong-password authentication protocol, OSPA, which was later found to be vulnerable to a stolen-verifier attack and a man-in-the-middle attack. Recently, Lin, Shen, and Hwang [10] proposed an improved protocol ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGOPS Operating Systems Review

ACM SIGOPS Operating Systems Review Volume 39, Issue 1

January 2005

93 pages

ISSN:0163-5980

DOI:10.1145/1044552

Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 January 2005

Published in SIGOPS Volume 39, Issue 1

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
493
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Qiao PTu H(2014)A security enhanced password authentication and update scheme based on elliptic curve cryptographyInternational Journal of Electronic Security and Digital Forensics10.1504/IJESDF.2014.0631096:2(130-139)Online publication date: 1-Jul-2014
https://dl.acm.org/doi/10.1504/IJESDF.2014.063109
Hafizul Islam SBiswas G(2013)Design of improved password authentication and update scheme based on elliptic curve cryptographyMathematical and Computer Modelling10.1016/j.mcm.2011.07.00157:11-12(2703-2717)Online publication date: Jun-2013
https://doi.org/10.1016/j.mcm.2011.07.001
He DWu SChen J(2012)Note on ‘Design of improved password authentication and update scheme based on elliptic curve cryptography’Mathematical and Computer Modelling10.1016/j.mcm.2011.10.07955:3-4(1661-1664)Online publication date: Feb-2012
https://doi.org/10.1016/j.mcm.2011.10.079
Jung HKim H(2011)Secure hash-based password authentication protocol using smartcardsProceedings of the 2011 international conference on Computational science and Its applications - Volume Part V10.5555/2029427.2029482(593-606)Online publication date: 20-Jun-2011
https://dl.acm.org/doi/10.5555/2029427.2029482
Islam SBiswas G(2011)A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystemJournal of Systems and Software10.1016/j.jss.2011.06.06184:11(1892-1898)Online publication date: 1-Nov-2011
https://dl.acm.org/doi/10.1016/j.jss.2011.06.061
Jung HKim H(2011)Secure Hash-Based Password Authentication Protocol Using SmartcardsComputational Science and Its Applications - ICCSA 201110.1007/978-3-642-21934-4_48(593-606)Online publication date: 2011
https://doi.org/10.1007/978-3-642-21934-4_48
Park JLee JChang J(2009)An efficient remote user authentication scheme secure against the off-line password guessing attack by power analysisProceedings of the 11th international conference on Advanced Communication Technology - Volume 210.5555/1701835.1701912(1289-1292)Online publication date: 15-Feb-2009
https://dl.acm.org/doi/10.5555/1701835.1701912
Wang BShu-Hua LZhang H(2009)Further Analysis and Improvement of Yoon et al.'s Hash-Based User Authentication SchemeProceedings of the 2009 WRI International Conference on Communications and Mobile Computing - Volume 0310.1109/CMC.2009.271(480-484)Online publication date: 6-Jan-2009
https://dl.acm.org/doi/10.1109/CMC.2009.271
Lin SXie Q(2009)A Secure and Efficient Mutual Authentication Protocol Using Hash FunctionProceedings of the 2009 WRI International Conference on Communications and Mobile Computing - Volume 0310.1109/CMC.2009.129(545-548)Online publication date: 6-Jan-2009
https://dl.acm.org/doi/10.1109/CMC.2009.129
Tseng YWu TWu J(2008)A Pairing-Based User Authentication Scheme for Wireless Clients with Smart CardsInformatica10.5555/1414631.141463919:2(285-302)Online publication date: 1-Apr-2008
https://dl.acm.org/doi/10.5555/1414631.1414639
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme

A secure and efficient strong-password authentication protocol

Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol

Comments

Information

Published In

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations