Paper 2009/560

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme

Manoj Kumar

Abstract

User authentication is an essential task for network security. To serve this purpose,in the past years, several strong password authentication schemes have been proposed, but none of them probably withstand to known security threats. In 2004, W. C. Ku proposed a new hash based strong password authentication scheme and claimed that the proposed scheme withstands to replay, password fie compromise, denial of service and insider attack. This paper analyzes W. C. Ku’s scheme and found that the proposed scheme does not support mutual authentication, session key generation phase for secure communication. In addition, in W. C. Ku’s scheme, the user is not free to change his password. However, in this paper, we show that W. C. Ku’s scheme is still vulnerable to insider, man in the middle, password guessing, replay, impersonation, stolen verifier and denial of service attacks.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Loginserveraccess systemmutual authenticationsession keynetwork security.
Contact author(s)
yamu_balyan @ yahoo co in
History
2009-11-22: received
Short URL
https://ia.cr/2009/560
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/560,
      author = {Manoj Kumar},
      title = {On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/560},
      year = {2009},
      url = {https://eprint.iacr.org/2009/560}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.