Journal:Informatica
Volume 21, Issue 3 (2010), pp. 349–359
Abstract
In this paper, we propose a mutual authentication scheme using nonce variable instead of Mac address and accompanying with token updates to improve the functionality. Lee et al. (2005a) and Shi et al. (2006) proposed the site authentication schemes by using the generating random numbers. The site authentication can identify a personal computer using LAN card's Mac address, but the Mac address is easily detected through Address Resolution Protocol in the Open Systems Interconnection model. Therefore, we propose an improved securer and efficient nonce-based authentication scheme providing mutual authentication to resist the replay attack, man-in-the-middle attack and Mac address attack.
Journal:Informatica
Volume 18, Issue 1 (2007), pp. 27–36
Abstract
Recently, there are several articles proposed based on Yang and Shieh's password authentication schemes (YS for short) with the following features: (1) A user can choose password freely. (2) The server does not need to maintain a password table. (3) There is no need to involve a trusted third party. Although there were several variants of the YS-like schemes claimed to address the forgery attacks, this paper analyzes their security and shows that they still suffer from forgery attacks. Furthermore, a new scheme based on the concept of message authentication is proposed to foil the forgery attack.