Paper 2009/490

Cryptanalysis of Multiple-Server Password-Authenticated Key

Sang-Gon Lee

Abstract

Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee’s scheme proposed in 2004. However, we found that Tsai’s scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. In this article, we describe the drawbacks of Tsai’s scheme and provide a countermeasure to satisfy the forward secrecy property.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Multiserver Password-authenticationInsider Impersonation AttackDoS Attack
Contact author(s)
nok60 @ gdsu dongseo ac ktr
History
2009-11-16: revised
2009-10-14: received
See all versions
Short URL
https://ia.cr/2009/490
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/490,
      author = {Sang-Gon Lee},
      title = {Cryptanalysis of Multiple-Server Password-Authenticated Key},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/490},
      year = {2009},
      url = {https://eprint.iacr.org/2009/490}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.