Cryptanalysis and improvement on Yang-Shieh authentication schemes
Authors: 
Jie Liu, Lei Fan, Jianhua LiAuthors Info & Claims
Jie Liu, Lei Fan, Jianhua LiAuthors Info & ClaimsArticle No.: 64, Pages 1 - 4
Abstract
Yang and Shieh proposed two password authentication schemes based on smart cards. The best merit of their schemes is that the remote server can verify a login user without any prior knowledge except a login request message. Unfortunately, some security weaknesses had been found and kinds of attacks were presented later. Although some improvements were proposed to fix those weaknesses, part of these improvements need the remote server to maintain verification tables and the other improvements were proved insecure either. In this paper, we will propose two improved schemes that can withstand all existed attacks while keeping the best merit of the original schemes. The remote server in our improved schemes is still able to verify a login user only by a request message.
References
[1]
W. H. Yang and S. P. Shieh, "Password authentication schemes with smart cards," Computers & Security, vol. 18, no. 8, pp. 727--733, 1999.
[2]
C. K. Chan and L. M. Cheng, "Cryptanalysis of a timestamp-based password authentication scheme," Computers & Security, vol. 21, no. 1, pp. 74--76, 2002.
[3]
L. Fan, J. H. Li and H. W. Zhu, "An enhancement of timestamp-based password authentication scheme," Computers & Security, vol. 21, no. 7, pp. 665--667, 2002.
[4]
B. Wang, J. H. Li and Z. P. Dong, "Cryptanalysis of an enhanced timestamp-based password authentication scheme," Computers & Security, vol. 22, no. 7, pp. 643--645, 2003.
[5]
K. F. Chen and S. Zhong, "Attacks on the (enhanced) Yang-Shieh authentication," Computers & Security, vol. 22, no. 8, pp. 725--727, 2003.
[6]
J. J. Shen, C. W. Lin, M. S. Hwang, "Security enhancement for the timestamp-based password authentication scheme using smart cards", Computers & Security, Vol 22, No 7, pp 591--595, 2003
[7]
H. M. Sun, H. T. Yeh, "Further cryptanalysis of a password authentication scheme with smart cards", IEICE Transactions and Communications, E86-B(4)(2003), pp 1412--1415.
[8]
Y. J. Wang and J. H. Li, "Security improvement on a timestamp-based password authentication scheme", IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 580--582, May 2004.
[9]
C. C. Yang, H. W. Yang and R. C. Wang, "Cryptanalysis of Security Enhancement for the Timestamp-Based Password Authentication Scheme using Smart Cards", IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, MAY 2004.
[10]
R. Jiang, L. Pan, J. H. Li, "Further analysis of password authentication schemes based on authentication tests", Computers & Security (2004) 23, pp 469--477.
[11]
C. C. Yang, R. C. Wang, T. Y. Chang, "An improvement of the Yang-Shieh password authentication schemes", Applied Mathematics and Computation, 162 (2005), pp 1391--1396.
Index Terms
- Cryptanalysis and improvement on Yang-Shieh authentication schemes
Recommendations
Cryptanalysis and Improvement of a Certificateless Multi-proxy Signature Scheme
Certificateless cryptography is a new type of public key cryptography, which removes the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. Multi-proxy signature is ...
An improvement of the Yang-Shieh password authentication schemes
Recently, Yang and Shieh proposed two password authentication schemes by employing smart cards. One is a timestamp-based password authentication scheme and the other is a nonce-based password authentication scheme. In 2002, Chan and Cheng pointed out ...
Cryptanalysis of some signature schemes with message recovery
The notion of a self-certified public key was introduced by Girault in 1991. Recently, Tseng, Jan and Chien proposed a digital signature scheme with message recovery and some variants extended from the self-certified public key system proposed by ...
Comments
Information & Contributors
Information
Published In
October 2006
389 pages
ISBN:1595936041
DOI:10.1145/1501434
- General Chair:
- Greg Sprague,
- Program Chairs:
- Bernadette Schell,
- Wilfred Fong
Copyright © 2006 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 October 2006
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
PST06
PST06: International Conference on Privacy, Security and Trust
October 30 - November 1, 2006
Ontario, Markham, Canada
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 101Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 15 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in