An enhanced password authentication scheme providing password updating without smart cards

Chin Chen Chang; Hao Chuan Tsai; Yi Hui Chen

doi:10.1109/MUE.2007.77

An enhanced password authentication scheme providing password updating without smart cards

Chin Chen Chang^*
, Hao Chuan Tsai
, Yi Hui Chen

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.

Original language	English
Title of host publication	Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007
Pages	1210-1215
Number of pages	6
DOIs	https://doi.org/10.1109/MUE.2007.77
State	Published - 2007
Externally published	Yes
Event	2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007 - Seoul, Korea, Republic of Duration: 26 04 2007 → 28 04 2007

Publication series

Name	Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007

Conference

Conference	2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007
Country/Territory	Korea, Republic of
City	Seoul
Period	26/04/07 → 28/04/07

Access to Document

10.1109/MUE.2007.77

Cite this

Chang, C. C., Tsai, H. C., & Chen, Y. H. (2007). An enhanced password authentication scheme providing password updating without smart cards. In Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007 (pp. 1210-1215). Article 4197444 (Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007). https://doi.org/10.1109/MUE.2007.77

@inproceedings{350cf665ec7e41a98610263c9daef46c,

title = "An enhanced password authentication scheme providing password updating without smart cards",

abstract = "In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.",

author = "Chang, \{Chin Chen\} and Tsai, \{Hao Chuan\} and Chen, \{Yi Hui\}",

year = "2007",

doi = "10.1109/MUE.2007.77",

language = "英语",

isbn = "0769527779",

series = "Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007",

pages = "1210--1215",

booktitle = "Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007",

note = "2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007 ; Conference date: 26-04-2007 Through 28-04-2007",

}

Chang, CC, Tsai, HC & Chen, YH 2007, An enhanced password authentication scheme providing password updating without smart cards. in Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007., 4197444, Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007, pp. 1210-1215, 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007, Seoul, Korea, Republic of, 26/04/07. https://doi.org/10.1109/MUE.2007.77

An enhanced password authentication scheme providing password updating without smart cards. / Chang, Chin Chen; Tsai, Hao Chuan; Chen, Yi Hui.
Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007. 2007. p. 1210-1215 4197444 (Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An enhanced password authentication scheme providing password updating without smart cards

AU - Chang, Chin Chen

AU - Tsai, Hao Chuan

AU - Chen, Yi Hui

PY - 2007

Y1 - 2007

N2 - In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.

AB - In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.

UR - https://www.scopus.com/pages/publications/37349128125

U2 - 10.1109/MUE.2007.77

DO - 10.1109/MUE.2007.77

M3 - 会议稿件

AN - SCOPUS:37349128125

SN - 0769527779

SN - 9780769527772

T3 - Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007

SP - 1210

EP - 1215

BT - Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007

T2 - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007

Y2 - 26 April 2007 through 28 April 2007

ER -

Chang CC, Tsai HC, Chen YH. An enhanced password authentication scheme providing password updating without smart cards. In Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007. 2007. p. 1210-1215. 4197444. (Proceedings - 2007 International Conference on Multimedia and Ubiquitous Engineering, MUE 2007). doi: 10.1109/MUE.2007.77

An enhanced password authentication scheme providing password updating without smart cards

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this