CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Secure remote user access over insecure networks
Computer Communications
Threat analysis of online health information system
Proceedings of the 3rd International Conference on PErvasive Technologies Related to Assistive Environments
Various types of attacks and solutions regarding secure remote user access over insecure networks
ICCSA'06 Proceedings of the 6th international conference on Computational Science and Its Applications - Volume Part I
Hi-index | 0.00 |
In an internet environment, such as UNIX, a remote user has to obtain the access right from a server before doing any job. The procedure of obtaining acess right is called a user authentication protocol. User authentication via user memorable password provides convenience without needing any auxiliary devices, such as smart card. A user authentication protocol via username and password should basically withstand the off-line password guessing attack, the stolen verifier attack, and the DoS attack. Recently, Peyravian and Zunic proposed one password transmission protocol and one password change protocol. Later, Tseng et al. (2001) pointed out that Peyravian and Zunic's protocols can not withstand the off-line password guessing attack, and therefore proposed an improved protocol to defeat the attack. Independently, Hwang and Yeh also showed that Peyravian and Zunic's protocols suffer from some secury flaws, and an improved protocol was also presented. In this paper, we show that both Peyravian and Zunic's protocols and Tseng et al.'s improved protocol are insecure against the stolen verifier attack. Moreover, we show that all Peyravian and Zunic's, Tseng et al.'s, and Hwang and Yeh's protocols are insecure against DoS attack.