Cryptology ePrint Archive: Report 2009/560
On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme
Abstract: User authentication is an essential task for network security. To serve this purpose,in the past years, several strong password
authentication schemes have been proposed, but none of them probably withstand to known security threats. In 2004, W.
C. Ku proposed a new hash based strong password authentication scheme and claimed that the proposed scheme withstands
to replay, password fie compromise, denial of service and insider attack. This paper analyzes W. C. Kuís scheme and found
that the proposed scheme does not support mutual authentication, session key generation phase for secure communication.
In addition, in W. C. Kuís scheme, the user is not free to change his password. However, in this paper, we show that W. C.
Kuís scheme is still vulnerable to insider, man in the middle, password guessing, replay, impersonation, stolen verifier and
denial of service attacks.
Category / Keywords: implementation / Login, server, access system, mutual authentication, session key, network security.
Date: received 16 Nov 2009
Contact author: yamu_balyan at yahoo co in
Available format(s): PDF | BibTeX Citation
Version: 20091122:034612 (All versions of this report)
Short URL: ia.cr/2009/560
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]