Attacks and Solutions of Yang et al.'s Protected Password Changing Scheme

Authors:
Eun-Jun Yoon;Eun-Kyung Ryu;Kee-Young Yoo
Affiliations:
Department of Computer Engineering, Kyungpook National University, 1370 Sankyuk-dong, Buk-gu, Daegu 702-701, South Korea, e-mail: {ejyoon,ekryu}@infosec.knu.ac.kr, yook@knu.ac.kr;Department of Computer Engineering, Kyungpook National University, 1370 Sankyuk-dong, Buk-gu, Daegu 702-701, South Korea, e-mail: {ejyoon,ekryu}@infosec.knu.ac.kr, yook@knu.ac.kr;Department of Computer Engineering, Kyungpook National University, 1370 Sankyuk-dong, Buk-gu, Daegu 702-701, South Korea, e-mail: {ejyoon,ekryu}@infosec.knu.ac.kr, yook@knu.ac.kr
Venue:
Informatica
Year:
2005

Citing 2
Cited 1

Handbook of Applied Cryptography

Handbook of Applied Cryptography
Security of Improvement on Methods for Protecting Password Transmission

Informatica

An Entire Chaos-Based Biometric Remote User Authentication Scheme on Tokens Without Using Password

Informatica

Quantified Score

Hi-index	0.01

Visualization

Abstract

Recently, Yang et al. proposed an improvement to Tseng et al.'s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.'s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.'s protected password changing scheme and the existing password change schemes using server's public key, the proposed scheme can securely update user passwords without a complicated process and server's public key.