Cryptanalysis of Yeh-Shen-Hwang's One-Time Password Authentication Scheme

نویسندگان

  • Dae Hyun Yum
  • Pil Joong Lee
چکیده

The well-known S/KEY one-time password scheme was designed to counter eavesdropping and replay attacks [1]. The success of S/KEY stems from its efficiency and simplicity as well as its security property. S/KEY uses simple hash functions and does not require other complex cryptographic primitives. Even though S/KEY is immune to eavesdropping and replay attacks, it is susceptible to preplay attacks and off-line dictionary attacks. Hence, Yeh, Shen, and Hwang recently proposed a secure one-time password authentication scheme using smart cards, which they claimed to be secure against preplay attacks and off-line dictionary attacks [2]. However, we show that their scheme is vulnerable to preplay attacks. Specifically, the attacker can successfully launch preplay attacks just after eavesdropping two executions of the protocol.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Comments on Yeh-Shen-Hwang's One-Time Password Authentication Scheme

The S/Key one-time password scheme is designed to counter replay attacks or eavesdropping attacks [2], [3]. With this scheme, the user’s secret pass-phrase never needs to cross the network at any time such as during authentication or during pass-phrase changes. Moreover, no secret information need be stored on any system, including the server being protected. Although the S/KEY scheme thus prot...

متن کامل

Improvement of One-Time Password Authentication Scheme Using Smart Cards

In 2002, Yeh, Shen, and Hwang proposed a one-time password authentication scheme using smart cards. However, Tsuji et al. and Ku et al. showed that it is vulnerable to the stolen verifier attack. Therefore, this paper proposes an improved one-time password authentication scheme, which not only keeps the security of the scheme of Yeh-Shen-Hwang but also can withstand the stolen verifier attack. ...

متن کامل

Cryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme

Recently, Das, Saxena and Gulati proposed a dynamic Id based remote user authentication scheme that allows the users to choose and change their passwords freely and does not maintain verifier table. But their scheme has few weaknesses and cannot achieve mutual authentication. In 2005, Liao, Lee and Hwang showed that Das et al. scheme is vulnerable to guessing attack and proposed an enhanced sch...

متن کامل

A Robust Password-Based Multi-Server Authentication Scheme

In 2013, Tsai et al. cryptanalyzed Yeh et al. scheme and shown that Yeh et al., scheme is vulnerable to various cryptographic attacks and proposed an improved scheme. In this poster we will show that Tsai et al., scheme is also vulnerable to undetectable online password guessing attack, on success of the attack, the adversary can perform all major cryptographic attacks. As apart of our contribu...

متن کامل

Cryptanalysis of the Yeh-Sun password-based authentication protocols

Two authentication protocols proposed by Yeh and Sun are analysed and shown to possess serious security defects.

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:
  • IEICE Transactions

دوره 88-B  شماره 

صفحات  -

تاریخ انتشار 2005