Improvements on two password-based authentication protocols

Yalin Chen; Jue-Sam Chou; Chun-Hui Huang

eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2009/561

Improvements on two password-based authentication protocols

Yalin Chen, Jue-Sam Chou, and Chun-Hui Huang

Abstract

Recently, Liao et al. and Hölbl et al. each proposed a user authentication protocol, respectively. Both claimed that their schemes can withstand various attacks. However, Xiang et al. pointed out Liao et al.’s protocol suffers from three kinds of attacks, the replay attack, the guessing attack, and the Denial-of-service (DoS) attack. Moreover, we and Munilla et al. also found Hölbl et al.’s protocol suffers from the password guessing attack. In this paper, we will propose the two protocols’ improvements respectively. After analyses and comparisons, we conclude that our improvements are not only more secure but also more efficient in communication cost than all of the proposed password based schemes that we know.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Unknown where it was published
Keywords: smart card password authentication protocol password change man-in-the-middle attack denial-of-service attack smart-card-lost attack off-line password guessing attack mutual authenticatio
Contact author(s): jschou @ mail nhu edu tw
History: 2009-11-22: received
Short URL: https://ia.cr/2009/561
License: CC BY

BibTeX

@misc{cryptoeprint:2009/561,
      author = {Yalin Chen and Jue-Sam Chou and Chun-Hui Huang},
      title = {Improvements on two password-based authentication protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2009/561},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/561}},
      url = {https://eprint.iacr.org/2009/561}
}