Pub. online:5 Aug 2022Type:Research ArticleOpen Access
Volume 16, Issue 2 (2005), pp. 285–294
Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.’s protected password changing scheme and the existing password change schemes using server’s public key, the proposed scheme can securely update user passwords without a complicated process and server’s public key.
Volume 15, Issue 2 (2004), pp. 251–270
A new digital signature scheme in non‐commutative Gaussian monoid is presented. Two algebraic structures are employed: Gaussian monoid and a certain module being compatible with a monoid. For both monoid and module, presentation and action level attributes are defined. Monoid action level is defined as monoid element (word) action on module element as an operator. A module is a set of functions (elements) with special properties and could be treated as some generalization of vector space.
Signature scheme is based on the one‐way functions (OWF) design using: three recognized hard problems in monoid presentation level, one postulated hard problem in monoid action level and one provable hard problem in module action level.
For signature creation and verification the word equivalence problem is solved in monoid action level thus avoiding solving it in monoid presentation level. Then the three recognized hard problems in monoid presentation level can be essentially as hard as possible to increase signature security. Thus they do not influence on the word problem complexity and, consequently, on the complexity of signature realization.
The investigation of signature scheme security against four kind of attacks is presented. It is shown that the signature has a provable security property with respect to the list of attacks presented here, which are postulated to be complete.
Volume 14, Issue 4 (2003), pp. 551–558
Recently, Tseng et al. proposed an improvement on Peyravian and Zunic's protected password transmission scheme and protected changing scheme to remove some security flaws. However, as we will point out in this paper, any adversary can intercept the request for changing the password sent by a legal user and modify it with a wrong password. Furthermore, we shall also propose an improved version of their protected password changing scheme to help it out of the trouble.
Volume 12, Issue 3 (2001), pp. 469–476
Peyravian and Zunic (2000) proposed a password transmission scheme and a password change scheme over an insecure network. Their proposed solutions do not require the use of any symmetric-key or public-key cryptosystems. However, this article points out that their schemes have several security flaws for practical applications. A slight improvement on their schemes is proposed in this paper to remove the security flaws.