Pub. online:5 Aug 2022Type:Research ArticleOpen Access
Journal:Informatica
Volume 16, Issue 2 (2005), pp. 285–294
Abstract
Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.’s protected password changing scheme and the existing password change schemes using server’s public key, the proposed scheme can securely update user passwords without a complicated process and server’s public key.
Pub. online:1 Jan 2018Type:Research ArticleOpen Access
Journal:Informatica
Volume 29, Issue 4 (2018), pp. 651–673
Abstract
This paper suggests a new fast colour image cipher to meet the increasing demand for secure online image communication applications. Unlike most other existing approaches using a permutation-substitution network, the proposed algorithm consists of only a single substitution part. The keystream sequence is generated from a 4-D hyperchaotic system, whose initial conditions are determined by both the secret key and the SHA-224 cryptographic hash value of the plain-image. Favoured by the avalanche effect of hash functions, totally different keystream sequences will be generated for different images. Consequently, desired diffusion effect can be achieved after only a single round of substitution operation, whereas at least two encryption rounds are required by the state-of-the-art permutation-substitution type image ciphers. We also demonstrate the computational efficiency of the proposed algorithm by comparing it with the AES encryption algorithm. A thorough security analysis is carried out in detail, demonstrating the satisfactory security of the proposed algorithm.
Journal:Informatica
Volume 14, Issue 2 (2003), pp. 195–204
Abstract
In an internet environment, such as UNIX, a remote user has to obtain the access right from a server before doing any job. The procedure of obtaining acess right is called a user authentication protocol. User authentication via user memorable password provides convenience without needing any auxiliary devices, such as smart card. A user authentication protocol via username and password should basically withstand the off‐line password guessing attack, the stolen verifier attack, and the DoS attack. Recently, Peyravian and Zunic proposed one password transmission protocol and one password change protocol. Later, Tseng et al. (2001) pointed out that Peyravian and Zunic's protocols can not withstand the off‐line password guessing attack, and therefore proposed an improved protocol to defeat the attack. Independently, Hwang and Yeh also showed that Peyravian and Zunic's protocols suffer from some secury flaws, and an improved protocol was also presented. In this paper, we show that both Peyravian and Zunic's protocols and Tseng et al.'s improved protocol are insecure against the stolen verifier attack. Moreover, we show that all Peyravian and Zunic's, Tseng et al.'s, and Hwang and Yeh's protocols are insecure against DoS attack.
Journal:Informatica
Volume 12, Issue 3 (2001), pp. 469–476
Abstract
Peyravian and Zunic (2000) proposed a password transmission scheme and a password change scheme over an insecure network. Their proposed solutions do not require the use of any symmetric-key or public-key cryptosystems. However, this article points out that their schemes have several security flaws for practical applications. A slight improvement on their schemes is proposed in this paper to remove the security flaws.