eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.
You are looking at a specific version 20091122:034612 of this paper. See the latest version.

Paper 2009/560

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme

Manoj Kumar

Abstract

User authentication is an essential task for network security. To serve this purpose,in the past years, several strong password authentication schemes have been proposed, but none of them probably withstand to known security threats. In 2004, W. C. Ku proposed a new hash based strong password authentication scheme and claimed that the proposed scheme withstands to replay, password fie compromise, denial of service and insider attack. This paper analyzes W. C. Ku’s scheme and found that the proposed scheme does not support mutual authentication, session key generation phase for secure communication. In addition, in W. C. Ku’s scheme, the user is not free to change his password. However, in this paper, we show that W. C. Ku’s scheme is still vulnerable to insider, man in the middle, password guessing, replay, impersonation, stolen verifier and denial of service attacks.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Loginserveraccess systemmutual authenticationsession keynetwork security.
Contact author(s)
yamu_balyan @ yahoo co in
History
2009-11-22: received
Short URL
https://ia.cr/2009/560
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.