Abstract
In 2008, Kim-Koç proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.
Original language | English |
---|---|
Pages (from-to) | 1845-1858 |
Number of pages | 14 |
Journal | Journal of Information Science and Engineering |
Volume | 26 |
Issue number | 5 |
Publication status | Published - 2010 Sept |
Externally published | Yes |
Keywords
- Guessing attack
- Hash-based password authentication
- Impersonation attack
- Password-based authentication
- Stolen-verifier attack
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Hardware and Architecture
- Library and Information Sciences
- Computational Theory and Mathematics