Attack and Improvement on the One-Time Password Authentication Protocol Against Theft Attacks

Recently, Tsuji and Shimizu proposed a one-time password authentication protocol against replay and theft attacks. Unfortunately, in this paper, we show that their scheme is insecure under the modification attack. We propose an improvement scheme to enhance the security of the one-time password authentication protocol.

[1]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[2]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[3]  Taekyoung Kwon,et al.  Efficient and secure password-based authentication protocols against guessing attacks , 1998, Comput. Commun..

[4]  Hung-Yu Chien,et al.  Robust and Simple Authentication Protocol , 2003, Comput. J..

[5]  Hung-Min Sun,et al.  Attacks and Solutions on Strong-Password Authentication , 2001 .

[6]  Jin-Fu Chang,et al.  Smart card based secure password authentication scheme , 1996, Computers & security.

[7]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .

[8]  Matu-Tarow Noda,et al.  Simple and Secure Password Authentication Protocol (SAS) , 2000 .

[9]  Akihiro Shimizu,et al.  An Impersonation Attack on One-Time Password Authentication Protocol OSPA , 2003 .

[10]  Sung-Ming Yen,et al.  Shared Authentication Token Secure Against Replay and Weak Key Attacks , 1997, Inf. Process. Lett..

[11]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[12]  Randall J. Atkinson,et al.  On Internet Authentication , 1994, RFC.

[13]  Akihiro Shimizu,et al.  One-Time Password Authentication Protocol against Theft Attacks , 2004 .

[14]  Akihiro Shimizu,et al.  A dynamic password authentication method using a one-way function , 1991, Systems and Computers in Japan.