A Secure YS-Like User Authentication Scheme

Authors:
Tzung-Her Chen;Gwoboa Horng;Ke-Chiang Wu
Affiliations:
Department of Computer Science and Information Engineering, National Chiayi University, 300 University Road, Chia-Yi City, Taiwan 600, R.O.C., e-mail: thchen@mail.ncyu.edu.tw;Institute of Computer Science, National Chung-Hsing University, 250 Kuo-Kuang Road, Taichung 402, Taiwan, R.O.C.;Institute of Computer Science, National Chung-Hsing University, 250 Kuo-Kuang Road, Taichung 402, Taiwan, R.O.C.
Venue:
Informatica
Year:
2007

Citing 1
Cited 4

ID-based password authentication scheme using smart cards and fingerprints

ACM SIGOPS Operating Systems Review

Gabor-Based Kernel Partial-Least-Squares Discrimination Features for Face Recognition

Informatica
Robust Key Exchange Protocol between Set-Top Box and Smart Card in DTV Broadcasting

Informatica
A novel user-participating authentication scheme

Journal of Systems and Software
An Entire Chaos-Based Biometric Remote User Authentication Scheme on Tokens Without Using Password

Informatica

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, there are several articles proposed based on Yang and Shieh's password authentication schemes (YS for short) with the following features: (1) A user can choose password freely. (2) The server does not need to maintain a password table. (3) There is no need to involve a trusted third party. Although there were several variants of the YS-like schemes claimed to address the forgery attacks, this paper analyzes their security and shows that they still suffer from forgery attacks. Furthermore, a new scheme based on the concept of message authentication is proposed to foil the forgery attack.