A Secure Hash-Based Strong-Password Authentication Scheme

Shuyao Yu, Youkun Zhang, Runguo Ye, Chuck Song

Abstract

Password authentication remains the most common form of user authentication. Many strong-password authentication schemes based on hash functions have been proposed so far; however, none is sufficiently secure and efficient. Based on an analysis of attacks against the OSPA (Optimal Strong Password Authentication) protocol, we present a hash-based Strong-Password mutual Authentication Scheme (SPAS), which is resistant to DoS attacks, replay attacks, impersonation attacks, and stolen-verifier attacks.



Paper Citation


in Harvard Style

Yu S., Zhang Y., Ye R. and Song C. (2005). A Secure Hash-Based Strong-Password Authentication Scheme. In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 13-20. DOI: 10.5220/0002541700130020


in Bibtex Style

@conference{wosis05,
author={Shuyao Yu and Youkun Zhang and Runguo Ye and Chuck Song},
title={A Secure Hash-Based Strong-Password Authentication Scheme},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={13-20},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002541700130020},
isbn={972-8865-25-2},
}

