Journal of Information Science and Engineering, Vol. 26 No. 5, pp. 1845-1858 (September 2010)

Weaknesses and Improvement of Secure Hash-Based Strong-Password Authentication Protocol*

HANJAE JEONG, DONGHO WON AND SEUNGJOO KIM+
Information Security Group
Sungkyunkwan University
Suwon-si, Gyeonggi-do, 440-746 Korea
E-mail: {hjjeong; dhwon; skim}@security.re.kr

In 2008, Kim-Koc proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography and claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

Keywords: impersonation attack, guessing attack, stolen-verifier attack, password-based authentication, hash-based password authentication

Received October 3, 2008; revised May 3 & July 17, 2009; accepted August 13, 2009.
Communicated by Chin-Laung Lei.
* This research was supported by the Ministry of Knowledge Economy (MKE), Korea, under the Information Technology Research Center (ITRC) support program supervised by the National IT Industry Promotion Agency No. NIPA-2010-C1090-1031-0005 and was also supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract UD100002KD.
+ Corresponding author.