A new strong-password authentication scheme using one-way hash functions

Recently, Sandirigama et al. have proposed an authentication scheme by the name of SAS and have claimed that it has the lowest storage, processing, and transmission overhead. In 2001, Lin et al. showed that the protocol is insecure and proposed an optimal strong-password authentication protocol called the OSPA protocol. However, Chen and Ku pointed out that both SAS and OSPA are vulnerable to stolen-verifier attack in 2002. Later, Lin, Shen, and Hwang proposed a modified OSPA protocol to repair the security law of OSPA protocol. In this paper, we propose a new strong-password authentication protocol that not only can withstand many possible attacks including a stolen-verifier attack, but that is also more efficient than the modified OSPA protocol.

[1]  Cheng-Chi Lee,et al.  A remote user authentication scheme using hash functions , 2002, OPSR.

[2]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[3]  Lee-Ming Cheng,et al.  Cryptanalysis of a Timestamp-Based Password Authentication Scheme , 2002, Comput. Secur..

[4]  Min-Shiang Hwang,et al.  Security enhancement for Optimal Strong-Password Authentication protocol , 2003, OPSR.

[5]  Cheng-Chi Lee,et al.  An Improvement of SPLICE/AS in WIDE against Guessing Attack , 2001, Informatica.

[6]  Matu-Tarow Noda,et al.  Simple and Secure Password Authentication Protocol (SAS) , 2000 .

[7]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[8]  Hung-Yu Chien,et al.  A modified remote login authentication scheme based on geometric approach , 2001, J. Syst. Softw..

[9]  Min-Shiang Hwang A remote password authentication scheme based on the digital signature method , 1999, Int. J. Comput. Math..

[10]  Min-Shiang Hwang,et al.  A Flexible Remote User Authentication Scheme with Smart Cards , 2002 .

[11]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .

[12]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[13]  Hung-Min Sun,et al.  Attacks and Solutions on Strong-Password Authentication , 2001 .

[14]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[15]  I. C. Lin,et al.  (IEEE Transactions on Neural Networks,12(6):1498-1504)A Remote Password Authentication Scheme for Multi-Server Architecture Using Neural Network , 2001 .