Improvements on two password-based authentication protocols

Recently, Liao et al. and Holbl et al. each proposed a user authentication protocol, respectively. Both claimed that their schemes can withstand various attacks. However, Xiang et al. pointed out Liao et al.’s protocol suffers from three kinds of attacks, the replay attack, the guessing attack, and the Denial-of-service (DoS) attack. Moreover, we and Munilla et al. also found Holbl et al.’s protocol sufers from the password guessing attack. In this paper, we will propose the two protocols’improvements respectively. After analyses and comparisons, we conclude that our improvements are not only more secure but also more efficient in communication cost than all of the password based schemes that we know.

[1]  Jia-Yong Liu,et al.  A new mutual authentication scheme based on nonce and smart cards , 2008, Comput. Commun..

[2]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[3]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[4]  Kwok-Wo Wong,et al.  Cryptanalysis of a password authentication scheme over insecure networks , 2008, J. Comput. Syst. Sci..

[5]  Wei-Chi Ku,et al.  Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments , 2009, Comput. Stand. Interfaces.

[6]  Chin-Chen Chang,et al.  Security design for three-party encrypted key exchange protocol using smart cards , 2008, ICUIMC '08.

[7]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[8]  Dongho Won,et al.  Security weakness in a three-party pairing-based protocol for password authenticated key exchange , 2007, Inf. Sci..

[9]  Raphael C.-W. Phan,et al.  Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) , 2008, Inf. Sci..

[10]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[11]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[12]  C. Bindu,et al.  Improved Remote User Authentication Scheme Preserving User Anonymity , 2008 .

[13]  Marko Hölbl,et al.  Improvement of the Peyravian-Jeffries's user authentication protocol and password change protocol , 2008, Comput. Commun..

[14]  Jorge Munilla,et al.  Security flaw of Hölbl et al.'s protocol , 2009, Comput. Commun..

[15]  Ashutosh Saxena,et al.  An improved bilinear pairing based remote user authentication scheme , 2009, Comput. Stand. Interfaces.

[16]  Hung-Min Sun,et al.  Comments on two password based protocols , 2008, IACR Cryptol. ePrint Arch..

[17]  Sandra McLain IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS , 2007 .

[18]  Dongho Won,et al.  Vulnerabilities in a Remote Agent Authentication Scheme Using Smart Cards , 2008, KES-AMSTA.

[19]  B. C. Brookes,et al.  Information Sciences , 2020, Cognitive Skills You Need for the 21st Century.

[20]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[21]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using bilinear pairings , 2008, Math. Comput. Model..

[22]  Marko Hölbl,et al.  Two improved two-party identity-based authenticated key agreement protocols , 2009, Comput. Stand. Interfaces.

[23]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[24]  Chin-Chen Chang,et al.  Security enhancement for a three-party encrypted key exchange protocol against undetectable on-line password guessing attacks , 2008, Comput. Stand. Interfaces.

[25]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[26]  Min Gyo Chung,et al.  More secure remote user authentication scheme , 2009, Comput. Commun..

[27]  Wei-Chi Ku,et al.  Three weaknesses in a simple three-party key exchange protocol , 2008, Inf. Sci..

[28]  Mohammad Peyravian,et al.  Secure remote user access over insecure networks , 2006, Comput. Commun..

[29]  Min-Shiang Hwang,et al.  DoS-resistant ID-based password authentication scheme using smart cards , 2010, J. Syst. Softw..

[30]  Jizhou Sun,et al.  Cryptanalysis of a mutual authentication scheme based on nonce and smart cards , 2009, Comput. Commun..

[31]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[32]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[33]  Robert Cole,et al.  Computer Communications , 1982, Springer New York.

[34]  Wei-Bin Lee,et al.  A new method for using hash functions to solve remote user authentication , 2008, Comput. Electr. Eng..

[35]  B. Carminati,et al.  Computer Standards & Interfaces , 2009 .

[36]  Eun-Jun Yoon,et al.  Improving the novel three-party encrypted key exchange protocol , 2008, Comput. Stand. Interfaces.

[37]  Dong Hoon Lee,et al.  A remote user authentication scheme without using smart cards , 2009, Comput. Stand. Interfaces.

[38]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.