INFORMATICA

Informatica

0868-49520868-4952

inf18102

10.15388/Informatica.2007.160

Research article

A Secure YS-Like User Authentication Scheme

Chen

Tzung-Her

thchen@mail.ncyu.edu.twHorng

Gwoboa

Ke-Chiang

Department of Computer Science and Information Engineering, National Chiayi University, 300 University Road, Chia-Yi City, Taiwan 600, R.O.C.Institute of Computer Science, National Chung-Hsing University, 250 Kuo-Kuang Road, Taichung 402, Taiwan, R.O.C.

01012007

181273601082005

Recently, there are several articles proposed based on Yang and Shieh's password authentication schemes (YS for short) with the following features: (1) A user can choose password freely. (2) The server does not need to maintain a password table. (3) There is no need to involve a trusted third party. Although there were several variants of the YS-like schemes claimed to address the forgery attacks, this paper analyzes their security and shows that they still suffer from forgery attacks. Furthermore, a new scheme based on the concept of message authentication is proposed to foil the forgery attack.

Keywordsremote user authenticationforgery attackpasswordsmart cardmessage authenticationmutual authentication