skip to main content
10.1145/1806338.1806372acmotherconferencesArticle/Chapter ViewAbstractPublication PagesiiwasConference Proceedingsconference-collections
research-article

Improvement of Hölbl et al. user authentication protocol and password change protocol

Published: 14 December 2009 Publication History

Abstract

Many remote authentication and key exchange protocols have been published in recent years. In 2008 Hölbl et al. proposed a password-based protocol for remote user authentication and password changing. This protocol protects message transmission between senders and receivers over insecure networks. In this paper we will show that the Hölbl et al. protocol remains vulnerable to stolen-verifier attack, off-line password guessing attack, and Denial-of-Service (DoS) attack. In addition, we proposed an improve protocol to withstand such security flaws.

References

[1]
W. Diffie, M. Hellman, New directions in cryptography. IEEE Transactions on Information Theory IT-22 (6) (1976)644--654.
[2]
L. Lamport, Password authentication with insecure communication, Communications of ACM, vol. 24, no. 11, 1981, pp. 770--772.
[3]
M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (5--6) (2006) 660--667.
[4]
K. A. Shim, Security flaws of remote user access over insecure networks, Computer Communications 30 (1) (2006) 117--121.
[5]
J. Munilla, A. Peinado, Off-line password-guessing attack to Peyravian-jeffries's remote user authentication protocol, Computer Communications30 (1) (2006) 52--54.
[6]
M. Hölbl, T. Welzer, B. Brumen, Improvement of the Peyravian-Jeffries's user authentication protocol and password change protocol, Computer Communications 31 (2008) 1945--195.

Index Terms

  1. Improvement of Hölbl et al. user authentication protocol and password change protocol

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      iiWAS '09: Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
      December 2009
      763 pages
      ISBN:9781605586601
      DOI:10.1145/1806338
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      • Johannes Kepler University

      In-Cooperation

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 14 December 2009

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. Diffie-Hellmen
      2. hash functions
      3. password
      4. remote authentication

      Qualifiers

      • Research-article

      Conference

      iiWAS '09
      Sponsor:

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • 0
        Total Citations
      • 72
        Total Downloads
      • Downloads (Last 12 months)0
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 15 Feb 2025

      Other Metrics

      Citations

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media