ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A remote user authentication scheme using hash functions
Full text PdfPdf (386 KB)
Source ACM SIGOPS Operating Systems Review archive
Volume 36 ,  Issue 4  (October 2002) table of contents
Pages: 23 - 29  
Year of Publication: 2002
ISSN:0163-5980
Authors
Cheng-Chi Lee  National Chiao-Tung University‡, Taiwan, R.O.C.
Li-Hua Li  Chaoyang University of Technology† Gifeng E. Rd., Wufeng, Taichung County, R.O.C.
Min-Shiang Hwang  Chaoyang University of Technology† Gifeng E. Rd., Wufeng, Taichung County, R.O.C.
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 65,   Citation Count: 13
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/583800.583803
What is a DOI?

ABSTRACT

Recently, Peyravian and Zunic proposed a simple but efficient password authentication system. Their scheme is based on the collision-resistant hash function, such as SHA-1. Their scheme did not use any cryptosystems (such as DES, RSA, etc.). However, their scheme is vulnerable to guess attack. An attacker can easily obtain a user's password by guessing attack and then impersonate the user to login and access resources in the server. To overcome the vulnerability of their scheme, we propose an improved scheme to enhance security of their scheme in this article.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
J. Botting, "Security on the Internet: Authenticating the user," Telecommunications, vol. 31, no. 12, pp. 77-80, 1997.
 
2
C. C. Chang and S. J. Hwang, "Using smart cards to authenticate remote passwords," Computers and Mathematics with Applications, vol. 26, no. 7, pp. 19-27, 1993.
 
3
Chin-Chen Chang , Wen-Yuan Liao, A remote password authentication scheme based upon ElGamal's signature scheme, Computers and Security, v.13 n.2, p.137-144, April 1994  [doi>10.1016/0167-4048(94)90063-9]
 
4
Chin-Chen Chang and Min-Shiang Hwang, "Parallel computation of the generating keys for RSA cryptosystems," IEE Electronics Letters, vol. 32, no. 15, pp. 1365-1366, 1996.
5
Shai Halevi , Hugo Krawczyk, Public-key cryptography and password protocols, Proceedings of the 5th ACM conference on Computer and communications security, p.122-131, November 02-05, 1998, San Francisco, California, United States  [doi>10.1145/288090.288118]
 
6
Min-Shiang Hwang, "A new redundancy reducing cipher," International Journal of Informatica, vol. 11, no. 4, pp. 435-440, 2000.
 
7
Min-Shiang Hwang, "Cryptanalysis of remote login authentication scheme," Computer Communications, vol. 22, no. 8, pp. 742-744, 1999.
 
8
Min-Shiang Hwang, "A remote password authentication scheme based on the digital signature method," International Journal of Computer Mathematics, vol. 70, pp. 657-666, 1999.
 
9
M. S. Hwang , C. C. Chang , K. F. Hwang, An ElGamal-Like Cryptosystem for Enciphering Large Messages, IEEE Transactions on Knowledge and Data Engineering, v.14 n.2, p.445-446, March 2002  [doi>10.1109/69.991728]
 
10
Min-Shiang Hwang, Cheng-Chi Lee, and Yuan-Liang Tang, "An improvement of SPLICE/AS in WIDE against guessing attack," International Journal of Informatica, vol. 12, no. 2, pp. 297-302, 2001.
 
11
Min-Shiang Hwang and L. H. Li, "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28-30, 2000.
12
David P. Jablon, Strong password-only authenticated key exchange, ACM SIGCOMM Computer Communication Review, v.26 n.5, p.5-26, Oct. 1996  [doi>10.1145/242896.242897]
 
13
Jinn-Ke Jan , Yu-Yii Chen, “Paramita wisdom” password authentication scheme without verification tables, Journal of Systems and Software, v.42 n.1, p.45-57, July 1, 1998  [doi>10.1016/S0164-1212(98)00006-5]
14
Cheng-Chi Lee , Min-Shiang Hwang , Wei-Peng Yang, A flexible remote user authentication scheme using smart cards, ACM SIGOPS Operating Systems Review, v.36 n.3, p.46-52, July 2002  [doi>10.1145/567331.567335]
 
15
G. Li, M. A. Lomas, R. M. Needham, and J. H. Saltzer, "Protecting poorly chosen secrets from guessing attacks," IEEE Journal on Selected Areas in Communications, vol. 11, pp. 648-656, June 1993.
 
16
Li-Hua Li, Iuon-Chung Lin, and Min-Shiang Hwang, "A remote password authentication scheme for multi-server architecture using neural networks," IEEE Transactions on Neural Networls, vol. 12, no. 6, pp. 1498-1504, 2001.
17
Robert Morris , Ken Thompson, Password security: a case history, Communications of the ACM, v.22 n.11, p.594-597, Nov. 1979  [doi>10.1145/359168.359172]
 
18
M. Peyravian and N. Zunic, "Methods for protecting password transmission," Computers & Security, vol. 19, no. 5, pp. 466-469, 2000.
 
19
Bruce Schneier, Applied Cryptography, 2nd Edition. New York: John Wiley & Sons, 1996.

CITED BY  13
Chih-Wei Lin , Jau-Ji Shen , Min-Shiang Hwang, Security enhancement for optimal strong-password authentication protocol, ACM SIGOPS Operating Systems Review, v.37 n.3, p.12-16, July 2003
Chih-Wei Lin , Jau-Ji Shen , Min-Shiang Hwang, Security enhancement for Optimal Strong-Password Authentication protocol, ACM SIGOPS Operating Systems Review, v.37 n.2, p.7-12, April 2003
Eun-Jun Yoon , Eun-Kyung Ryu , Kee-Young Yoo, A secure user authentication scheme using hash functions, ACM SIGOPS Operating Systems Review, v.38 n.2, p.62-68, April 2004
Wei-Chi Ku , Chien-Ming Chen , Hui-Lung Lee, Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme, ACM SIGOPS Operating Systems Review, v.37 n.4, p.19-25, October 2003
Sung-Woon Lee , Hyun-Sung Kim , Kee-Young Yoo, Cryptanalysis of a user authentication scheme using hash functions, ACM SIGOPS Operating Systems Review, v.38 n.1, p.24-28, January 2004
Horng-Twu Liaw , Shiou-Wei Fan , Wei-Chen Wu, A simple password authentication using a polynomial, ACM SIGOPS Operating Systems Review, v.38 n.4, p.74-79, October 2004
Wei-Chi Ku , Min-Hung Chiang , Shen-Tien Chang, Weaknesses of Yoon-Ryu-Yoo's hash-based password authentication scheme, ACM SIGOPS Operating Systems Review, v.39 n.1, p.85-89, January 2005
Chun-Ta Li , Min-Shiang Hwang , Chi-Yu Liu, An electronic voting protocol with deniable authentication for mobile ad hoc networks, Computer Communications, v.31 n.10, p.2534-2540, June, 2008
Tzung-Her Chen , Wei-Bin Lee, A new method for using hash functions to solve remote user authentication, Computers and Electrical Engineering, v.34 n.1, p.53-62, January, 2008
Wei-Chi Ku , Hao-Chuan Tsai, Weaknesses and Improvements of Yang-Chang-Hwang's Password Authentication Scheme, Informatica, v.16 n.2, p.203-212, April 2005
Thulasi Goriparthi , Manik Lal Das , Ashutosh Saxena, An improved bilinear pairing based remote user authentication scheme, Computer Standards & Interfaces, v.31 n.1, p.181-185, January, 2009
Chun-Ta Li , Min-Shiang Hwang , Yen-Ping Chu, A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks, Computer Communications, v.31 n.12, p.2803-2814, July, 2008
Yan-yan Wang , Jia-yong Liu , Feng-xia Xiao , Jing Dan, A more efficient and secure dynamic ID-based remote user authentication scheme, Computer Communications, v.32 n.4, p.583-585, March, 2009

INDEX TERMS

Keywords:
cryptography, digest, guessing attack, hash function, password

Collaborative Colleagues:
Cheng-Chi Lee: colleagues
Li-Hua Li: colleagues
Min-Shiang Hwang: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player