An Improvement of SPLICE/AS in WIDE against Guessing Attack

Yamaguchi, Okayama, and Miyahara proposed a simple but efficient authentication sys- tem, SPLICE/AS. In this article, we show that their method is vulnerable to the guessing attack. An attacker can obtain the password, private-key, and public-key of the user. To overcome the vul- nerability of SPLICE/AS to the guessing attack, we propose an improvement of their system. In our scheme, we not only prevent the guessing attack to obtain secret messages but also enhance the security of the SPLICE/AS authentication system in WIDE.

[1]  Min-Shiang Hwang A remote password authentication scheme based on the digital signature method , 1999, Int. J. Comput. Math..

[2]  M. Abadi Strengthening Passwords , 1997 .

[3]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[4]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[5]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[6]  J. Murai,et al.  Construction of the widely integrated distributed environment , 1989, Fourth IEEE Region 10 International Conference TENCON.

[7]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[8]  K. Okayama,et al.  Design and implementation of an authentication system in WIDE Internet environment , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.