Secure Hash-Based Password Authentication Protocol Using Smartcards

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 6786)

Abstract

Recently, Jeong-Won-Kim proposed a hash-based strong-password authentication protocol and claimed that the protocol is secure against guessing, stolen-verifier, replay, and impersonation attacks. However, we show that their protocol has two vulnerabilities: a password guessing attack and an authentication answer guessing attack. Furthermore, we present a secure hash-based password authentication protocol using smartcards to cope with these vulnerabilities. Security analysis shows that our protocol provides better security properties than the other related authentication protocols at a similar computational complexity.

References

  1. Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)

  2. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

  3. Bellovin, S., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of IEEE Security and Privacy 1992, pp. 72–84 (1992)

  4. Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

  5. Kwon, T., Song, J.: A study on the generalized key agreement and password authentication protocol. IEICE Transactions on Communications E83-B(9), 2044–2050 (2000)

  6. Sandirigama, M., Shimizu, A., Noda, M.: Simple and secure password authentication protocol. IEICE Transactions on Communications E83-B, 1363–1365 (2000)

  7. Lin, C.L., Sun, H.M., Hwang, T.: Attacks and solutions on strong-password authentication. IEICE Transactions on Communications E84-B, 2622–2627 (2001)

  8. Chen, C.M., Ku, W.C.: Stolen-verifier attack on two new strong-password authentication protocols. IEICE Transactions on Communications E85-B, 2519–2521 (2002)

  9. Lee, C.C., Li, L.H., Hwang, M.S.: A remote user authentication scheme using hash functions. ACM Operating System Review 36, 23–29 (2002)

  10. Peyravian, M., Zunic, N.: Methods for protecting password transmissions. Computers and Security 19, 466–469 (2000)

  11. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: A secure user authentication scheme using hash functions. ACM Operating System Review 38, 62–68 (2004)

  12. Ku, W.C., Chiang, M.H., Chang, S.T.: Weaknesses of Yoon-Ryu-Yoo’s hash-based password authentication scheme. ACM Operating System Review 39, 85–89 (2005)

  13. Kim, Koç: A secure hash-based strong-password authentication protocol using one-time public-key cryptography. Journal of Computer and Systems Sciences International 45, 623–626 (2006)

  14. Jeong, H., Won, D., Kim, S.: Weaknesses and improvement of secure hash-based strong-password authentication protocol. Journal of Information Science and Engineering 26, 1845–1858 (2010)

  15. Wikipedia, http://en.wikipedia.org/wiki/Client%E2%80%93server_model

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jung, H., Kim, H.S. (2011). Secure Hash-Based Password Authentication Protocol Using Smartcards. In: Murgante, B., Gervasi, O., Iglesias, A., Taniar, D., Apduhan, B.O. (eds) Computational Science and Its Applications - ICCSA 2011. ICCSA 2011. Lecture Notes in Computer Science, vol 6786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21934-4_48

  • DOI: https://doi.org/10.1007/978-3-642-21934-4_48

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21933-7

  • Online ISBN: 978-3-642-21934-4

  • eBook Packages: Computer Science, Computer Science (R0)
