Weaknesses of Yoon-Ryu-Yoo's hash-based password authentication scheme
Source: ACM SIGOPS Operating Systems Review
Volume 39, Issue 1 (January 2005)
Pages: 85-89
Year of Publication: 2005
ISSN: 0163-5980
Authors
Wei-Chi Ku  Fu Jen Catholic University, Hsinchuang, Taipei County, Taiwan, R.O.C.
Min-Hung Chiang  Fu Jen Catholic University, Hsinchuang, Taipei County, Taiwan, R.O.C.
Shen-Tien Chang  Fu Jen Catholic University, Hsinchuang, Taipei County, Taiwan, R.O.C.
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1044552.1044561

ABSTRACT

In 2000, Peyravian and Zunic proposed an efficient hash-based password authentication scheme that can be easily implemented. Later, Lee, Li, and Hwang demonstrated that Peyravian-Zunic's scheme is vulnerable to an off-line guessing attack, and then proposed an improved version. However, Ku, Chen, and Lee pointed out that their scheme cannot resist an off-line guessing attack, a denial-of-service attack, and a stolen-verifier attack. Recently, Yoon, Ryu, and Yoo proposed an improved version of Lee-Li-Hwang's scheme. Unfortunately, we find that Yoon-Ryu-Yoo's scheme is still vulnerable to an off-line guessing attack and a stolen-verifier attack. Furthermore, their scheme cannot achieve backward secrecy. Herein, we first briefly review Yoon-Ryu-Yoo's scheme and then describe its weaknesses.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
[1] C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocols," IEICE Transactions on Communications, vol. E58-B, no. 11, pp. 2519-2521, Nov. 2002.
[2] J. J. Hwang and T. C. Yeh, "Improvement on Peyravian-Zunic's password authentication schemes," IEICE Transactions on Communications, vol. E85-B, no. 4, pp. 823-825, April 2002.
[3] W. C. Ku, C. M. Chen, and H. L. Lee, "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme," IEICE Transactions on Communications, vol. E86-B, no. 5, pp. 1682-1684, May 2003.
[4]
[5]
[6] C. L. Lin, H. M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication," IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622-2627, Sept. 2001.
[7] National Institute of Standards and Technology, "Secure hash standard," FIPS Publication 180-1, April 1995.
[8] M. Peyravian and N. Zunic, "Methods for protecting password transmission," Computers & Security, vol. 19, no. 5, pp. 466-469, July 2000.
[9] R. Rivest, "The MD5 message-digest algorithm," RFC 1321, April 1992.
[10]

