Weaknesses and improvement of secure hash-based strong-password authentication protocol

Jeong Hanjae, Won Dongho, Seung-Joo Kim

Research output: Contribution to journalArticle

10 Citations (Scopus)

Abstract

In 2008, Kim-Koç proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

Original languageEnglish
Pages (from-to)1845-1858
Number of pages14
JournalJournal of Information Science and Engineering
Volume26
Issue number5
Publication statusPublished - 2010 Sep 1
Externally publishedYes

Fingerprint

Public key cryptography
Authentication

Keywords

  • Guessing attack
  • Hash-based password authentication
  • Impersonation attack
  • Password-based authentication
  • Stolen-verifier attack

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Hardware and Architecture
  • Human-Computer Interaction
  • Software
  • Library and Information Sciences

Cite this

Weaknesses and improvement of secure hash-based strong-password authentication protocol. / Hanjae, Jeong; Dongho, Won; Kim, Seung-Joo.

In: Journal of Information Science and Engineering, Vol. 26, No. 5, 01.09.2010, p. 1845-1858.

Research output: Contribution to journalArticle

@article{b2301e58ca0140ee8415d1f6218b1536,
title = "Weaknesses and improvement of secure hash-based strong-password authentication protocol",
abstract = "In 2008, Kim-Ko{\cc} proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.",
keywords = "Guessing attack, Hash-based password authentication, Impersonation attack, Password-based authentication, Stolen-verifier attack",
author = "Jeong Hanjae and Won Dongho and Seung-Joo Kim",
year = "2010",
month = "9",
day = "1",
language = "English",
volume = "26",
pages = "1845--1858",
journal = "Journal of Information Science and Engineering",
issn = "1016-2364",
publisher = "Institute of Information Science",
number = "5",

}

TY - JOUR

T1 - Weaknesses and improvement of secure hash-based strong-password authentication protocol

AU - Hanjae, Jeong

AU - Dongho, Won

AU - Kim, Seung-Joo

PY - 2010/9/1

Y1 - 2010/9/1

N2 - In 2008, Kim-Koç proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

AB - In 2008, Kim-Koç proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

KW - Guessing attack

KW - Hash-based password authentication

KW - Impersonation attack

KW - Password-based authentication

KW - Stolen-verifier attack

UR - http://www.scopus.com/inward/record.url?scp=77957997482&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77957997482&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:77957997482

VL - 26

SP - 1845

EP - 1858

JO - Journal of Information Science and Engineering

JF - Journal of Information Science and Engineering

SN - 1016-2364

IS - 5

ER -