(1) Replay attack: The attacker intercepts $id, \{g^x, pw, newpw\}_{K_S}$ sent
by the client in Step (1) and uses it to impersonate the client when sending
the next login message. For a random challenge, however, the $g^x$ and $g^y$
separately generated by the client and server are different every time, and
the replay of the client's old login message in Step (1) is encrypted under
the server's public key $K_S$. Furthermore, obtaining $x$ and $y$ is
computationally infeasible, as it is a discrete logarithm problem [5].
(2) Guessing attack: For a random challenge, the $g^x$ generated by the client
is protected by the server's public key $K_S$. As such, no one can reveal
the $g^x$ from the client's login message $\{g^x, pw, newpw\}_{K_S}$ without
knowing the server's private key $K$. Hence, the attacker cannot verify the
correctness of the guessed password by checking
$\{g^x, pw, newpw\}_{K_S} = \{g^x, guess\_pw, newpw\}_{K_S}$ without knowing
$g^x$ and $newpw$.
(3) Server data eavesdropping: Servers are always the target of attacks. An
attacker may acquire $vpw = H(id, pw, K)$ stored in the server. Without
knowing the server's secret key $K$, however, the attacker cannot forge a
login request to pass authentication, as $pw$ is hidden in $H(id, pw, K)$ using
the server's secret key. Therefore, the correctness of the guessed password
cannot be verified by checking $H(id, guess\_pw, K) = vpw$.
(4) Server spoofing attack: The improved scheme uses the server's public key
$K_S$ to ensure that only the real server can decrypt the client's login message
$\{g^x, pw, newpw\}_{K_S}$. Only the real server can obtain $g^x$, $pw$ and
$newpw$ from the client's login message. After verifying the identity of the
client, the server then sends $C_1$ and $C_2$ to the client to achieve mutual
authentication.
(5) Denial-of-Service attack: In the improved scheme, the client's new password,
$newpw$, is also encrypted using the server's public key in Step (1). Therefore,
an attacker is unable to choose a random number to replace $newpw$.
(6) Mutual authentication: The improved scheme uses the Diffie-Hellman key
exchange algorithm [5] to provide mutual authentication. As a result, the
key is explicitly authenticated by a mutual confirmation session key.
(7) Perfect forward secrecy: In the improved scheme, since the Diffie-Hellman
key exchange algorithm is used to generate a session key $g^{xy}$, forward secrecy
is ensured, as an adversary with a compromised server private key $K$ is only
able to obtain the $g^x$ and $g^y$ from an earlier session. In addition, it is also
computationally infeasible to obtain the session key $g^{xy}$ from $g^x$ and $g^y$, as
it is a discrete logarithm problem.
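
The server data eavesdropping argument in item (3), as an added example that is not code from the paper: a stolen keyed verifier cannot confirm a password guess unless K is also known, while an unkeyed verifier can. HMAC-SHA256 standing in for H, the field encoding, and the sample account and guess list are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

def encode(user_id: str, pw: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently.
    fields = (user_id.encode(), pw.encode())
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def keyed_verifier(user_id: str, pw: str, server_key: bytes) -> bytes:
    # Assumption: HMAC-SHA256 under K stands in for the paper's H(id, pw, K).
    return hmac.new(server_key, encode(user_id, pw), hashlib.sha256).digest()

def unkeyed_verifier(user_id: str, pw: str) -> bytes:
    # Weak variant for contrast: the same fields hashed without any server secret.
    return hashlib.sha256(encode(user_id, pw)).digest()

def offline_check(stolen: bytes, user_id: str, candidates, verifier):
    # What a holder of the stolen verifier table can test without the server:
    # return the candidate that reproduces the stolen value, or None.
    for guess in candidates:
        if hmac.compare_digest(verifier(user_id, guess), stolen):
            return guess
    return None

def demo() -> dict:
    K = secrets.token_bytes(32)            # server secret, kept apart from vpw
    not_K = bytes(32)                      # any key other than the real K
    user_id, pw = "alice", "sunshine1"     # constructed sample account
    candidates = ["password", "sunshine1", "letmein"]  # constructed guess list
    vpw_weak = unkeyed_verifier(user_id, pw)
    vpw = keyed_verifier(user_id, pw, K)
    return {
        # Unkeyed verifier: the stolen value alone confirms a guess.
        "unkeyed": offline_check(vpw_weak, user_id, candidates, unkeyed_verifier),
        # Keyed verifier, K unknown: no guess can be confirmed.
        "keyed_without_K": offline_check(
            vpw, user_id, candidates, lambda i, p: keyed_verifier(i, p, not_K)),
        # Keyed verifier, K leaked with the table: the protection is gone.
        "keyed_with_K": offline_check(
            vpw, user_id, candidates, lambda i, p: keyed_verifier(i, p, K)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case shows the condition the argument rests on: K has to be held separately from the stored vpw values for the property to hold.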
6 Conclusion
The current paper demonstrated that Lin-Hwang's protected password
authentication scheme is vulnerable to server data eavesdropping and improvements
to isolate such a problem were presented. In contrast to Lin-Hwang's protected
password change scheme, the proposed scheme can simply update user
passwords without the need of a complicated process, and it also provides explicit
key authentication in the case of a session key agreement.