Cryptanalysis of Yeh-Shen-Hwang's One-Time Password Authentication Scheme
نویسندگان
چکیده
The well-known S/KEY one-time password scheme was designed to counter eavesdropping and replay attacks [1]. The success of S/KEY stems from its efficiency and simplicity as well as its security property. S/KEY uses simple hash functions and does not require other complex cryptographic primitives. Even though S/KEY is immune to eavesdropping and replay attacks, it is susceptible to preplay attacks and off-line dictionary attacks. Hence, Yeh, Shen, and Hwang recently proposed a secure one-time password authentication scheme using smart cards, which they claimed to be secure against preplay attacks and off-line dictionary attacks [2]. However, we show that their scheme is vulnerable to preplay attacks. Specifically, the attacker can successfully launch preplay attacks just after eavesdropping two executions of the protocol.
منابع مشابه
Comments on Yeh-Shen-Hwang's One-Time Password Authentication Scheme
The S/Key one-time password scheme is designed to counter replay attacks or eavesdropping attacks [2], [3]. With this scheme, the user’s secret pass-phrase never needs to cross the network at any time such as during authentication or during pass-phrase changes. Moreover, no secret information need be stored on any system, including the server being protected. Although the S/KEY scheme thus prot...
متن کاملImprovement of One-Time Password Authentication Scheme Using Smart Cards
In 2002, Yeh, Shen, and Hwang proposed a one-time password authentication scheme using smart cards. However, Tsuji et al. and Ku et al. showed that it is vulnerable to the stolen verifier attack. Therefore, this paper proposes an improved one-time password authentication scheme, which not only keeps the security of the scheme of Yeh-Shen-Hwang but also can withstand the stolen verifier attack. ...
متن کاملCryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme
Recently, Das, Saxena and Gulati proposed a dynamic Id based remote user authentication scheme that allows the users to choose and change their passwords freely and does not maintain verifier table. But their scheme has few weaknesses and cannot achieve mutual authentication. In 2005, Liao, Lee and Hwang showed that Das et al. scheme is vulnerable to guessing attack and proposed an enhanced sch...
متن کاملA Robust Password-Based Multi-Server Authentication Scheme
In 2013, Tsai et al. cryptanalyzed Yeh et al. scheme and shown that Yeh et al., scheme is vulnerable to various cryptographic attacks and proposed an improved scheme. In this poster we will show that Tsai et al., scheme is also vulnerable to undetectable online password guessing attack, on success of the attack, the adversary can perform all major cryptographic attacks. As apart of our contribu...
متن کاملCryptanalysis of the Yeh-Sun password-based authentication protocols
Two authentication protocols proposed by Yeh and Sun are analysed and shown to possess serious security defects.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEICE Transactions
دوره 88-B شماره
صفحات -
تاریخ انتشار 2005