Jin Kwak , Soo Hyun Oh , Hyung Kyu Yang , Dong Ho Won

The KIPS Transactions:PartC, Vol. 11, No. 4, pp. 439-446, Aug. 2004
10.3745/KIPSTC.2004.11.4.439,   PDF Download:

Abstract

In the Internet, user authentication is the most important service in secure communications. Although password-based mechanism is the most widely used method of the user authentication in the network, people are used to choose easy-to-remember passwords, and thus suffers from some innate weaknesses. Therefore, using a memorable password is vulnerable to the dictionary attacks. The techniques used to prevent dictionary attacks bring about a heavy computational workload. In this paper, we describe a recent solution, the Optimal Strong-Password Authentication (OSPA) protocol, and that it is vulnerable to the stolen-verifier attack and an impersonation attack. Then, we propose an Improved Optimal Strong-Password Authentication (I-OSPA) protocol, which is secure against stolen-verifier attack and impersonation attack. Also, since the cryptographic operations are computed by the processor in the smart card, the proposed I-OSPA needs relatively low computational workload and communicational workload for user.

Statistics
Cite this article