JISE

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23]

Journal of Information Science and Engineering, Vol. 26 No. 5, pp. 1845-1858

Weaknesses and Improvement of Secure Hash-Based Strong-Password Authentication Protocol

HANJAE JEONG, DONGHO WON AND SEUNGJOO KIM⁺
Information Security Group
Sungkyunkwan University
Suwon-si, Gyeonggi-do, 440-746 Korea
E-mail: {hjjeong; dhwon; skim}@security.re.kr

In 2008, Kim-Koc proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

Keywords: impersonation attack, guessing attack, stolen-verifier attack, password-based authentication, hash-based password authentication

Retrieve PDF document (JISE_201005_18.pdf)