A Secure YS-Like User Authentication Scheme
Volume 18, Issue 1 (2007), pp. 27–36
Pub. online: 1 January 2007
Type: Research Article
Received
1 August 2005
1 August 2005
Published
1 January 2007
1 January 2007
Abstract
Recently, there are several articles proposed based on Yang and Shieh's password authentication schemes (YS for short) with the following features: (1) A user can choose password freely. (2) The server does not need to maintain a password table. (3) There is no need to involve a trusted third party. Although there were several variants of the YS-like schemes claimed to address the forgery attacks, this paper analyzes their security and shows that they still suffer from forgery attacks. Furthermore, a new scheme based on the concept of message authentication is proposed to foil the forgery attack.