An enhanced password authentication scheme providing password updating without smart cards

Chin Chen Chang; Hao Chuan Tsai; Yi Hui Chen

An enhanced password authentication scheme providing password updating without smart cards

Chin Chen Chang^*
, Hao Chuan Tsai
, Yi Hui Chen

^*Corresponding author for this work

Research output: Contribution to journal › Journal Article › peer-review

Abstract

In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.

Original language	English
Pages (from-to)	33-40
Number of pages	8
Journal	International Journal of Security and its Applications
Volume	1
Issue number	2
State	Published - 2007
Externally published	Yes

Cite this

@article{4e16f468f74e4d558d6868b37e9842ae,

title = "An enhanced password authentication scheme providing password updating without smart cards",

abstract = "In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.",

author = "Chang, \{Chin Chen\} and Tsai, \{Hao Chuan\} and Chen, \{Yi Hui\}",

year = "2007",

language = "英语",

volume = "1",

pages = "33--40",

journal = "International Journal of Security and its Applications",

issn = "1738-9976",

publisher = "Science and Engineering Research Support Society",

number = "2",

}

TY - JOUR

T1 - An enhanced password authentication scheme providing password updating without smart cards

AU - Chang, Chin Chen

AU - Tsai, Hao Chuan

AU - Chen, Yi Hui

PY - 2007

Y1 - 2007

N2 - In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.

AB - In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic's password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.

UR - https://www.scopus.com/pages/publications/84863243857

M3 - 文章

AN - SCOPUS:84863243857

SN - 1738-9976

VL - 1

SP - 33

EP - 40

JO - International Journal of Security and its Applications

JF - International Journal of Security and its Applications

IS - 2

ER -

An enhanced password authentication scheme providing password updating without smart cards

Abstract

Other files and links

Fingerprint

Cite this