Security Analysis of Three Password Authentication Schemes

Kyung-Ah Shim

doi:10.3217/jucs-017-11-1623

JUCS - Journal of Universal Computer Science 17(11): 1623-1633, doi: 10.3217/jucs-017-11-1623

Security Analysis of Three Password Authentication Schemes

Kyung-Ah Shim^‡

‡ National Institute for Mathematical Sciences, Daejeon, Republic of Korea

Corresponding author: Kyung-Ah Shim ( kashim@nims.re.kr )

This article is freely available under the J.UCS Open Content License.

Citation: Shim K-A (2011) Security Analysis of Three Password Authentication Schemes. JUCS - Journal of Universal Computer Science 17(11): 1623-1633. https://doi.org/10.3217/jucs-017-11-1623

Abstract

In this paper, we show that a verifier-based password authentication scheme and two remote user authentication schemes are insecure against several active attacks. These results demonstrate that no more password authentication schemes should be constructed with such ad-hoc methods, i.e, the formal design methodology using provable security should be employed.

Keywords

password-based authentication, verifier-based password authentication, remote user authentication, smart card, server-compromise attack