An Enhanced Password Authentication Scheme Providing Password Updating without Smart Cards

In 2003, Yang, Chang, and Hwang proposed an enhancement of Peyravian-Zunic's password authentication scheme based on the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang's scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo's scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme that eliminates these security flaws.
