Abstract
Recently, Peyravian and Zunic proposed a simple but efficient password authentication system. Their scheme is based on a collision-resistant hash function, such as SHA-1, and does not use any cryptosystems (such as DES, RSA, etc.). However, their scheme is vulnerable to a guessing attack: an attacker can easily obtain a user's password by guessing and then impersonate the user to log in and access resources on the server. To overcome this vulnerability, we propose in this article an improved scheme that enhances the security of their scheme.
Index Terms
- A remote user authentication scheme using hash functions