Browse > Article
http://dx.doi.org/10.13089/JKIISC.2011.21.6.133

Design of Improved Strong Password Authentication Scheme to Secure on Replay Attack  

Kim, Jun-Sub (Information Security Application & Assurance Lab, Department of Information Security Engineering, Soonchunhyang University)
Kwak, Jin (Information Security Application & Assurance Lab, Department of Information Security Engineering, Soonchunhyang University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.21, no.6, 2011 , pp. 133-140 More about this Journal
Abstract
Password-based authentication is the protocol that two entities share a password in advance and use the password as the basic of authentication. Password authentication schemes are divided into weak-password and strong-password authentication scheme. SPAS protocol, one of the strong-password authentication scheme, was proposed for secure against DoS attack. However it has vulnerability of the replay attack. In this paper, we analyze the vulnerability to the replay attack in SPAS protocol. Then we also propose an Improved-Strong Password Authentication Scheme (I-SPAS) with secure against the replay attack.
Keywords
Password Authentication; Replay Attack; Hash Function; Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 L. Lamport, "Password authentication with insecure communication," Communication of ACM, Vol. 24, no. 11, pp. 770-772, Nov. 1981.   DOI   ScienceOn
2 M. Sandirigama, A. Shimizu, and M. T. Noda, "Simple and secure password authentication protocol," IEICE Transactions on Communications, Vol. E83-B, no. 6, pp. 1363-1365, Jun. 2000.
3 C.L. Lin, H.M. Sun, and T. Hwang, "Attacks and solutions on strong-Password authentication," IEICE Transactions on Communications, Vol. E84-B, no. 9, pp. 2622-2627, Sep. 2001.
4 C.M. Chen and W.C. Ku, "Stolen-verifier attack on two new strong-password authentication protocols," IEICE Transactions on Communications, Vol. E85-B, no. 11, pp. 2519-2521, Nov. 2002.
5 C.W. Lin, J.J. Shen, and M.S. Hwang, "Security enhancement for optimal strong-password authentication protocol," ACM SIGOPS Operating Systems Review, Vol. 37, no. 2, pp. 7-12, Apr. 2003.   DOI   ScienceOn
6 W.C. Ku, H.C. Tsai, and S.M. Chen, "Two simple attack on Lin-Shen-Hwang's strong-password authentication protocol," ACM SIGOPS Operating Systems Review, Vol. 37, no. 4, pp. 26-31, Oct. 2003.   DOI   ScienceOn
7 H. Jiang, "Strong password authentication protocols," 2010 4th International Conference on Distance Learning and Education, pp. 50-52, Oct. 2010.