Informatica

Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.’s protected password changing scheme and the existing password change schemes using server’s public key, the proposed scheme can securely update user passwords without a complicated process and server’s public key.

User anonymity is very important security technique in distributed computing environments that an illegal entity cannot determine any information concerning the user's identity. In 2006, Kumar–Rajendra proposed a Secure Identification and Key agreement protocol with user Anonymity (SIKA). This paper demonstrates the vulnerability of the SIKA protocol and then presents an improvement to repair the security flaws of the SIKA protocol.

This paper presents an entire chaos-based biometric remote user authentication scheme on tokens without using passwords. The proposed scheme is based on the chaotic hash function and chaotic pseudo-random number generator to provide secure mutual authentication over an insecure channel between the user and remote server. Compared with the related biometric authentication schemes, the proposed scheme does not require the user password to provide convenience to users. It also does not require time synchronization or delay-time limitations between the user and remote server to resolve time synchronization problems.

Secure communication between set-top boxes (STBs) and smart cards is directly related to the benefit of the service providers and the legal rights of users, while key exchange is the essential part of a secure communication. In 2004, Jiang et al. proposed a key exchange protocol for STBs and smart cards based upon Schnorr's digital signature protocol and a one-way hash function. This paper, however, demonstrates that Jiang et al.'s protocol is vulnerable to an impersonation attack and does not provide perfect forward secrecy. In addition, in order to isolate such problems, we present a new secure key exchange protocol based on a one-way hash function and Diffie–Hellman key exchange algorithm.