Weaknesses and Improvements of Yang-Chang-Hwang's Password Authentication Scheme

Authors:
Wei-Chi Ku;Hao-Chuan Tsai
Affiliations:
Department of Computer Science and Information Engineering, Fu Jen Catholic University, 510 Chung Cheng Road, Hsinchuang, Taipei County, Taiwan 242, R.O.C., e-mail: wcku@csie.fju.edu.tw;Department of Computer Science and Information Engineering, Fu Jen Catholic University, 510 Chung Cheng Road, Hsinchuang, Taipei County, Taiwan 242, R.O.C., e-mail: wcku@csie.fju.edu.tw
Venue:
Informatica
Year:
2005

Citing 8
Cited 1

Comments on the S/KEY user authentication scheme

ACM SIGOPS Operating Systems Review
Password authentication with insecure communication

Communications of the ACM
A remote user authentication scheme using hash functions

ACM SIGOPS Operating Systems Review
Security enhancement for Optimal Strong-Password Authentication protocol

ACM SIGOPS Operating Systems Review
Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme

ACM SIGOPS Operating Systems Review
Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol

ACM SIGOPS Operating Systems Review
On the Security of Some Password Authentication Protocols

Informatica
Security of Improvement on Methods for Protecting Password Transmission

Informatica

An Entire Chaos-Based Biometric Remote User Authentication Scheme on Tokens Without Using Password

Informatica

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 2001, Tseng, Jan, and Chien proposed an improved version of Peyravian-Zunic's password authentication scheme based on the Diffie-Hellman scheme. Later, Yang, Chang, and Hwang demonstrated that Tseng-Jan-Chien's scheme is vulnerable to a modification attack, and then described an improved scheme. In this paper, we show that Yang-Chang-Hwang's scheme is still vulnerable to a denial-of-service attack and a stolen-verifier attack. In addition, we also propose an improved scheme with better security.