Cryptology ePrint Archive: Report 2009/561

Improvements on two password-based authentication protocols

Yalin Chen, Jue-Sam Chou, Chun-Hui Huang

Abstract: Recently, Liao et al. and Hölbl et al. each proposed a user authentication protocol, and both claimed that their schemes can withstand various attacks. However, Xiang et al. pointed out that Liao et al.’s protocol suffers from three kinds of attacks: the replay attack, the guessing attack, and the denial-of-service (DoS) attack. Moreover, we and Munilla et al. also found that Hölbl et al.’s protocol suffers from the password guessing attack. In this paper, we propose improvements to both protocols. After analyses and comparisons, we conclude that our improvements are not only more secure but also more efficient in communication cost than all of the proposed password-based schemes that we know.

Category / Keywords: cryptographic protocols / smart card, password authentication protocol, password change, man-in-the-middle attack, denial-of-service attack, smart-card-lost attack, off-line password guessing attack, mutual authenticatio

Date: received 16 Nov 2009

Contact author: jschou at mail nhu edu tw

Version: 20091122:041731
