A password authentication scheme over insecure networks

Authentication ensures that system’s resources are not obtained fraudulently by illegal users. Password authentication is one of the simplest and the most convenient authentication mechanisms over insecure networks. The problem of password authentication in an insecure networks is present in many application areas. Since computing resources have grown tremendously, password authentication is more frequently required in areas such as computer networks, wireless networks, remote login, operation systems, and database management systems. Many schemes based on cryptography have been proposed to solve the problem. However, previous schemes are vulnerable to various attacks and are neither efficient, nor user friendly. Users cannot choose and change their passwords at will. In this paper, we propose a new password authentication scheme to achieve the all proposed requirements. Furthermore, our scheme can support the Diffie–Hellman key agreement protocol over insecure networks. Users and the system can use the agreed session key to encrypt/decrypt their communicated messages using the symmetric cryptosystem. © 2005 Elsevier Inc. All rights reserved. ✩ This research was partially supported by the National Science Council, Taiwan, ROC, under contract no. NSC92-2213-E-324-023. * Corresponding author. E-mail address: [email protected] (M.-S. Hwang). 0022-0000/$ – see front matter © 2005 Elsevier Inc. All rights reserved. doi:10.1016/j.jcss.2005.10.001 728 I-E. Liao et al. / Journal of Computer and System Sciences 72 (2006) 727–740