A Simple Password Authentication Scheme Based on Geometric Hashing Function

Password authentication protocols are among the most important mechanisms for preventing unauthorized users from accessing resources. Many password authentication schemes have been developed in the last decades, and many of them are based on the use of a smart card. However, for many applications on the Internet it is no longer practical to adopt a smart card in the authentication scheme, due to its inconvenience and relatively high cost for both users and service providers. On the other hand, all password authentication schemes without a smart card (e.g., schemes based on a hash function) cited in this paper have been proved vulnerable to replay attack and/or man-in-the-middle attack and/or verifier stolen attack, etc. Hence, in this paper, we focus on designing a simple, secure and highly efficient password authentication scheme based on a geometric hash function without using a smart card. Our security analysis and performance evaluation demonstrate that our scheme is quite simple and efficient, and can also withstand replay attack, password guessing attack, man-in-the-middle attack, verifier stolen attack and denial-of-service attack.
