Weaknesses and improvement of secure hash-based strong-password authentication protocol

Jeong Hanjae; Won Dongho; Kim Seungjoo

Weaknesses and improvement of secure hash-based strong-password authentication protocol

Jeong Hanjae^*
, Won Dongho
, Kim Seungjoo

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

10 Citations (Scopus)

Abstract

In 2008, Kim-Koç proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

Original language	English
Pages (from-to)	1845-1858
Number of pages	14
Journal	Journal of Information Science and Engineering
Volume	26
Issue number	5
Publication status	Published - 2010 Sept
Externally published	Yes

Keywords

Guessing attack
Hash-based password authentication
Impersonation attack
Password-based authentication
Stolen-verifier attack

ASJC Scopus subject areas

Software
Human-Computer Interaction
Hardware and Architecture
Library and Information Sciences
Computational Theory and Mathematics

Cite this

@article{b2301e58ca0140ee8415d1f6218b1536,

title = "Weaknesses and improvement of secure hash-based strong-password authentication protocol",

abstract = "In 2008, Kim-Ko{\c c} proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.",

keywords = "Guessing attack, Hash-based password authentication, Impersonation attack, Password-based authentication, Stolen-verifier attack",

author = "Jeong Hanjae and Won Dongho and Kim Seungjoo",

year = "2010",

month = sep,

language = "English",

volume = "26",

pages = "1845--1858",

journal = "Journal of Information Science and Engineering",

issn = "1016-2364",

publisher = "Institute of Information Science",

number = "5",

}

TY - JOUR

T1 - Weaknesses and improvement of secure hash-based strong-password authentication protocol

AU - Hanjae, Jeong

AU - Dongho, Won

AU - Seungjoo, Kim

PY - 2010/9

Y1 - 2010/9

N2 - In 2008, Kim-Koç proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

AB - In 2008, Kim-Koç proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

KW - Guessing attack

KW - Hash-based password authentication

KW - Impersonation attack

KW - Password-based authentication

KW - Stolen-verifier attack

UR - https://www.scopus.com/pages/publications/77957997482

M3 - Article

AN - SCOPUS:77957997482

SN - 1016-2364

VL - 26

SP - 1845

EP - 1858

JO - Journal of Information Science and Engineering

JF - Journal of Information Science and Engineering

IS - 5

ER -

Weaknesses and improvement of secure hash-based strong-password authentication protocol

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this