Premium
Cryptanalysis of Hsiang‐Shih's authentication scheme for multi‐server architecture
Author(s) -
Yeh KuoHui,
Lo N. W.,
Li Yingjiu
Publication year - 2011
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.1184
Subject(s) - computer science , computer security , spoofing attack , replay attack , challenge–response authentication , cryptanalysis , password , authentication protocol , session key , s/key , one time password , password cracking , computer network , cryptography , encryption
Abstract From user point of view, password‐based remote user authentication technique is one of the most convenient and easy‐to‐use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password‐based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well‐designed password‐based authentication protocol for multi‐server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure , server spoofing attack , and replay attack and behavior denial . Copyright © 2010 John Wiley & Sons, Ltd.