Cryptology ePrint Archive: Report 2009/560

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme

Manoj Kumar

Abstract: User authentication is an essential task for network security. To serve this purpose,in the past years, several strong password authentication schemes have been proposed, but none of them probably withstand to known security threats. In 2004, W. C. Ku proposed a new hash based strong password authentication scheme and claimed that the proposed scheme withstands to replay, password fie compromise, denial of service and insider attack. This paper analyzes W. C. Ku’s scheme and found that the proposed scheme does not support mutual authentication, session key generation phase for secure communication. In addition, in W. C. Ku’s scheme, the user is not free to change his password. However, in this paper, we show that W. C. Ku’s scheme is still vulnerable to insider, man in the middle, password guessing, replay, impersonation, stolen verifier and denial of service attacks.

Category / Keywords: implementation / Login, server, access system, mutual authentication, session key, network security.

Date: received 16 Nov 2009

Contact author: yamu_balyan at yahoo co in

Available formats: PDF | BibTeX Citation

Version: 20091122:034612 (All versions of this report)

Discussion forum: Show discussion | Start new discussion