A secure one-time password authentication scheme using smart cards

IEICE Transactions on Communications

Volumn E85-B, Issue 11, 2002, Pages 2515-2518

  Yeh, Tzu Chang ^a   Shen, Hsiao Yun ^a   Hwang, Jing Jang ^a  

^a NATIONAL CHIAO TUNG UNIVERSITY   (Taiwan)

Author keywords

Authentication; Off line dictionary attack; One time password; Replay attack; Smart card

Indexed keywords

COMPUTER PRIVACY; FUNCTIONS; INTERNET; SERVERS; WEBSITES;

PASSWORD AUTHENTICATION SCHEME;

SMART CARDS;

EID: 0037285305     PISSN: 09168516     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (19)

1. F. Paul, Microsoft computer network hacked; FBI steps in, CNET, Oct. 27, 2000, http://news.cnet.com/news/0-1003-200-3308084.html.
2. T. Kwon, "Authentication and key agreement via memorable password," Proc. 2001 Internet Society Network and Distributed System Security Symposium, San Diego, CA, Feb. 2001, http://www.isoc.org/isoc/conferences/ndss/01/ 2001/papers/kwon.pdf
3. T. Wu, "Secure remote password protocol," Proc. 1998 Internet Society Network and Distributed System Security Symposium, pp.97-111, San Diego, CA, March 1998.
4. S.M. Bellovin and M. Merritt, "Encrypted key exchange: Password-based protocols secure against dictionary attacks," Proc. IEEE Symposium on Research in Security and Privacy, pp.72-84, Oakland, May 1992.
5. S.M. Bellovin and M. Merritt, "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise," AT&T Bell Laboratories, 1994.
6. L. Gong, M. Lomas, R. Needham, and J. Saltzer, "Protecting poorly chosen secrets from guessing attacks," IEEE J. Sel. Areas Commun., vol.11, no.5, pp.648-656, June 1993.
7. D. Jablon, "Strong password-only authenticated key exchange," Computer Communication Review, ACM Sigcomm, vol.26, no.5, pp.5-26, Oct. 1996.
8. D. Jablon, "Extended password key exchange protocols immune to dictionary attacks," Proc. the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE'97), IEEE Computer Society, pp.248-255, Cambridge, MA, June 1997.
9. T. Kwon and J. Song, "Secure agreement scheme for gxy via password authentication," Electron. Lett., vol.36, no.11, pp.892-893, May 1999.
10. P. MacKenzie and R. Swaminathan, "Secure network authentication with password identification," Presented to IEEE P1363a, 1999.
11. M. Bellare and P. Rogaway, "The AuthA protocol for password-based authenticated key exchange," Contribution to the IEEE P1363 study group, 2000.
12. V. Boyko, P. MacKenzie, and S. Patel, "Provably secure password authenticated key exchange using Diffie-Hellman," pp.156-171, Advances in Cryptology - EURO-CRYPT 2000.
13. L. Lamport, "Password authentication with insecure communication," Commun. ACM, vol.24, no.11, pp.770-772, Nov. 1981.
14. N.M. Haller, "A one-time password system," RFC 1938, May 1995.
15. N.M. Haller, "On internet authentication," RFC 1704, Oct. 1994.
16. N.M. Haller, "The S/KEY one-time password system," RFC 1760, Feb. 1995.
17. C.J. Mitchell and L. Chen, "Comments on the S/KEY user authentication scheme," ACM Operating Systems Review, vol.30, no.4, pp.12-16, Oct. 1995.
18. S.M. Yen and K.H. Liao, "Shared authentication token secure against replay and weak key attacks," Information Processing Letters, vol.62, pp.77-80, 1997.
19. T. Kawase, A. Watanabe, and I. Sasase, "Proposal of secure remote access using encryption," IEEE Global Telecommunications Conference, vol.2, p.86, 1998.