JISE

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18]

Journal of Information Science and Engineering, Vol. 24 No. 4, pp. 1213-1227

A Secure Hash-Based Strong-Password Authentication Protocol Using One-Time Public-Key Cryptography

Minho Kim and Cetin Kaya Koc^*
Department of Computer Science
Korea Air Force Academy
Sangsu, 363-849, South Korea
E-mail: mhkim@afa.ac.kr
^*School of Electrical Engineering and Computer Science
Oregon State University
Corvallis, Oregon 97331, U.S.A.
E-mail: koc@eecs.oregonstate.edu

Secure communication is an important issue in networks and user authentication is a very important part of the security. Several strong-password authentication protocols have been introduced, but there is no fully secure authentication scheme that can resist all known attacks. We propose enhanced secure schemes with registration and login protocols, and add the “forget password” and password/verifier change protocols. We show that our scheme is more secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks than previously introduced protocols.

Keywords: password authentication, forget password, password/verifier change, guessing attack, stolen-verifier attack, replay attack, denial-of-service attack, impersonation attack

Retrieve PDF document (JISE_200804_14.pdf)