Paper 2010/181

Cryptanalysis of a DoS-resistant ID-based password authentication

He Debiao, Chen Jianhua, and Hu Jin

Abstract

Remote authentication is a method to authenticate remote users over insecure communication channel. Password-based authentication schemes have been widely deployed to verify the legitimacy of remote users. Very recently, Hwang et al. proposed a DoS-resistant ID-based password authentication scheme using smart cards. In the current work, we are concerned with the password security of the Hwang et al.’s scheme. We first show that their scheme is vulnerable to a password guessing attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of their scheme.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. The paper has not been published.
Keywords
AuthenticationSecurityCryptanalysisSmart cardAttacks
Contact author(s)
hedebiao @ 163 com
History
2010-04-09: received
Short URL
https://ia.cr/2010/181
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2010/181,
      author = {He Debiao and Chen Jianhua and Hu Jin},
      title = {Cryptanalysis of a {DoS}-resistant {ID}-based password authentication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/181},
      year = {2010},
      url = {https://eprint.iacr.org/2010/181}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.