Cryptanalysis of a Secure One-time Password Authentication Scheme with Low-communication for Mobile Communications

User authentication is a most important protocol in a distribution network. Those authentication schemes have been proposed for many years, and a one-time password authentication scheme is one of them. In 2004, Lin and Chang proposed a one-time password authentication scheme which is free from replay attacks, server spoofing attacks, off-line dictionary attacks, active attacks, and revelation of message contents. However, their scheme will suffer from guessing attacks which is proposed by us in this paper.

[1]  Min-Shiang Hwang,et al.  Cryptanalysis of a User Friendly Remote Authentication Scheme with Smart Card , 2005 .

[2]  Chin-Chen Chang,et al.  A secure one-time password authentication scheme with low-computation for mobile communications , 2004, OPSR.

[3]  Chin-Chen Chang,et al.  A secure one-time password authentication scheme using smart cards without limiting login times , 2004, OPSR.

[4]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[5]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[6]  Cheng-Chi Lee,et al.  An Improvement of Mobile Users Authentication in the Integration Environments , 2002 .

[7]  Min-Shiang Hwang,et al.  Security enhancement for the timestamp-based password authentication scheme using smart cards , 2003, Comput. Secur..

[8]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[9]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[10]  Min-Shiang Hwang,et al.  Security of Improvement on Methods for Protecting Password Transmission , 2003, Informatica.

[11]  Min-Shiang Hwang,et al.  Security enhancement for Optimal Strong-Password Authentication protocol , 2003, OPSR.

[12]  Cheng-Chi Lee,et al.  A remote user authentication scheme using hash functions , 2002, OPSR.

[13]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[14]  Craig Metz,et al.  A One-Time Password System , 1996, RFC.

[15]  Chris J. Mitchell,et al.  Comments on the S/KEY user authentication scheme , 1996, OPSR.

[16]  Min-Shiang Hwang,et al.  Security Enhancement for Protecting Password Transmission , 2003 .

[17]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..