Abstract
Recently, Lee et al. proposed an improvement on Peyravian and Zunic scheme to make the protocol withstand the guessing attack. However, their scheme suffers from a denial of service attack. In this paper, we show that an attacker can easily prevent the normal use of communication facilities by performing the attack. We also propose an enhancement of the scheme to isolate such a problem.
- M. Peyravian and N. Zunic, "Methods for protecting password transmission," Computers & Security, vo1. 19, no. 5, pp. 466--469, 2000,Google ScholarDigital Library
- J. J. Hwang and T. C. Yeh, "Improvement on peyravian-zunic's password authentication schemes," IEICE Transactions on Communications, vol. E85-B, no. 4, pp. 823--825, April 2002.Google Scholar
- Cheng-Chi Lee, Li-Hua Li, and Min-Shiang Hwang, "A remote user authentication scheme using hash functions," ACM Operating Systems Review, 36(4):23--29, 2002. Google ScholarDigital Library
- Chun-Li Lin and Tzonelih Hwang, "A password authentication scheme with secure password updating," Computers & Security, vol. 22, no. 1, pp. 68--72, 2003.Google ScholarDigital Library
- Wei-Chi KU, Chien-Ming CHEN, and Hui-Lung LEE, "Cryptanalysis of a variant of peyravian-zunic's password authentication scheme," IEICE Transactions on Communications, vol. E86-B, no. 5, pp. 1682--1684, May 2003.Google Scholar
- Chou-Chen YANG, Ting-Yi CHANG, Jian-Wei LI, and Min-Shiang HWANG, "Security enhancement for protecting password transmission," IEICE Transactions on Communications, vol. E86-B, no. 7, pp. 2178--2181, July 2003.Google Scholar
Index Terms
- A secure user authentication scheme using hash functions
Recommendations
A Secure Strong-Password Authentication Protocol
Password authentication, which is widely used for authenticated method, also is important protocol by requiring a username and password before being allowed access to resources. In 2001, Lin et al. proposed the optimal strong-password authentication ...
Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systemsIn 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
A Secure Strong-Password Authentication Protocol
Password authentication, which is widely used for authenticated method, also is important protocol by requiring a username and password before being allowed access to resources. In 2001, Lin et al. proposed the optimal strong-password authentication ...
Comments