IEEE Spectrum
Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Timestamps in key distribution protocols
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Note on Robust and Simple Authentication Protocol
The Computer Journal
A secure and efficient SIP authentication scheme for converged VoIP networks
Computer Communications
Robust secret key based authentication scheme using smart cards
PCM'05 Proceedings of the 6th Pacific-Rim conference on Advances in Multimedia Information Processing - Volume Part II
One-time password authentication scheme using smart cards providing user anonymity
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
Security and Communication Networks
| Hi-index | 0.00 |
User authentication is an important part of security, along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, such as the Internet Web environment. In 2005, Chien-Wang-Yang (CWY) pointed out that Chien-Jan's ROSI protocol required state synchronization between the client and the server, and then its state-synchronization property was vulnerable to the Denial of Service (DoS) attack. Furthermore, they proposed an improved protocol that conquered the weaknesses and extended its key agreement functions, and improved the server's performance. Nevertheless, CWY's improved ROSI protocol does not provide perfect forward secrecy and is vulnerable to a Denning-Sacco attack. Accordingly, the current paper demonstrates that CWY's protocol does not provide perfect forward secrecy and is susceptible to a Denning-Sacco attack. We then present an enhanced protocol to isolate such problems.