A hash-based strong-password authentication scheme without using smart cards

Operating Systems Review (ACM)

Volumn 38, Issue 1, 2004, Pages 29-34

  Ku, Wei Chi ^a  

^a FU JEN CATHOLIC UNIVERSITY   (Taiwan)

Author keywords

Denial of service attack; Password file compromise attack; Replay attack; Strong password; User authentication

Indexed keywords

COMPUTER CRIME; SECURITY OF DATA; SMART CARDS;

DENIAL OF SERVICE ATTACK; PASSWORD-FILE COMPROMISE ATTACK; REPLAY ATTACK; STRONG PASSWORD; USER AUTHENTICATION;

AUTHENTICATION;

EID: 33744725812     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/974104.974107     Document Type: Conference Paper

References (17)

1. S. Bellovin and M. Merritt, "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password-file compromise," in Proceedings of the ACM Conference on Computer and Communications Security, pp. 244-250, 1993.
2. C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocols," IEICE Transactions on Communications, vol. E85-B, no. 11, pp. 2519-2521, Nov. 2002.
3. th IEEE Computer Security Foundation Workshop, pp. 24-29, 1995.
4. N. M. Haller, "The S/KEY (TM) one-time password system," in Proceedings of the Internet Society Symposium on Network and Distributed System Security, pp. 151-158, 1994.
5. T. Hwang and W. C. Ku, "Reparable key distribution protocols for Internet environments," IEEE Transactions on Communications, vol. 43, no. 5, pp. 1947-1950, May 1995.
6. D. Jablon, "Strong password-only authenticated key exchange," ACM Computer Communications Review, vol. 20, no. 5, pp. 5-26, 1996.
7. W. C. Ku, C. M. Chen, and H. L. Lee, "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme," IEICE Transactions on Communications, vol. E86-B, no. 5, pp. 1682-1684, May 2003.
8. W. C. Ku, H. C. Tsai, and S. M. Chen, "Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol," ACM Operating Systems Review, vol. 37, no. 4, pp. 26-31, Oct. 2003.
9. L. Lamport, "Password authentication with insecure communication," Communications of the ACM, vol. 24, no. 11, pp. 770-772, Nov. 1981.
10. C. L. Lin, H. M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication," IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622-2627, Sept. 2001.
11. C. W. Lin, J. J. Shen, and M. S. Hwang, "Security enhancement for optimal strong password authentication protocol," ACM Operating Systems Review, vol. 37, no. 2, pp. 7-12, April 2003.
12. C. J. Mitchell and L. Chen, "Comments on the S/KEY user authentication scheme," ACM Operating Systems Review, vol. 30, no. 4, pp. 12-16, Oct. 1996.
13. M. Sandirigama, A. Shimizu, and M. T. Noda, "Simple and secure password authentication protocol (SAS)," IEICE Transactions on Communications, vol. E83-B, no. 6, pp. 1363-1365, June 2000.
14. A. Shimizu, "A dynamic password authentication method by one-way function," IEICE Transactions, vol. J73-D-I, no. 7, pp. 630-636, July 1990.
15. A. Shimizu, T. Horioka, and H. Inagaki, "A password authentication methods for contents communication on the Internet," IEICE Transactions on Communications, vol. E81-B, no. 8, pp. 1666-1673, Aug. 1998.
16. T. Tsuji and A. Shimizu, "An impersonation attack on one-time password authentication protocol OSPA," IEICE Transactions on Communications, vol. E86-B, no. 7, pp. 2182-2185, July 2003.
17. IEEE P1363.2 / D11 (Standard specifications for password-based public-key cryptographic techniques), IEEE P1363 working group, Aug. 2003.