An enhanced verifier-free password authentication scheme for resource-limited environments

To realize secure access to multimedia anywhere, anytime, and with any devices, we need efficient authentication mechanisms suitable for resource-limited environments. Password authentication is regarded as one of the most widely used authentication mechanisms for its convenience, easy implementation, and user-friendliness. Up to now, many verifier-free password authentication schemes that can resist stolen-verifier attacks have been proposed, and each has its pros and cons. Recently, Wang et al. showed that two new verifier-free password authentication schemes are vulnerable to an off-line password guessing attack, a forgery attack, and a denial-of-service attack, and then proposed an improved scheme for the real application in resource-limited environments. Unfortunately, we find that Wang et al.'s scheme is still vulnerable to several attacks. Herein, we propose an enhanced verifier-free password authentication scheme for resource-limited environments with better security strength.

[1]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[2]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[3]  Akihiro Shimizu,et al.  A dynamic password authentication method using a one-way function , 1991, Systems and Computers in Japan.

[4]  Matu-Tarow Noda,et al.  Simple and Secure Password Authentication Protocol (SAS) , 2000 .

[5]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[6]  Li Gong,et al.  A security risk of depending on synchronized clocks , 1992, OPSR.

[7]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[8]  Lee-Ming Cheng,et al.  Cryptanalysis of a remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[9]  Chris J. Mitchell,et al.  Comments on the S/KEY user authentication scheme , 1996, OPSR.

[10]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[11]  Tzonelih Hwang,et al.  Non-interactive password authentications without password tables , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.

[12]  Hung-Min Sun,et al.  Attacks and Solutions on Strong-Password Authentication , 2001 .

[13]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[14]  JanJinn-Ke,et al.  An Efficient and Practical Solution to Remote Authentication , 2002 .

[15]  Hirohito Inagaki,et al.  A Password Authentication Method for Contents Communications on the Internet , 1998 .

[16]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[17]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[18]  Chris J. Mitchell,et al.  Limitations of challenge-response entity authentication , 1989 .

[19]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[20]  Chien-Lung Hsu Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[21]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[22]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[23]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[24]  Tzonelih Hwang,et al.  Reparable key distribution protocols for Internet environments , 1995, IEEE Trans. Commun..