Robust and Simple Authentication Protocol for Secure Communication on the Web
User authentication is an important part of security, along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, such as the Internet Web environment. In 2005, Chien-Wang-Yang (CWY) pointed out that Chien-Jan’s ROSI protocol required state synchronization between the client and the server, and that this state-synchronization property made it vulnerable to Denial of Service (DoS) attacks. They proposed an improved protocol that overcame these weaknesses, extended its key agreement functions, and improved the server’s performance. Nevertheless, CWY’s improved ROSI protocol does not provide perfect forward secrecy and is vulnerable to a Denning-Sacco attack. Accordingly, the current paper demonstrates that CWY’s protocol does not provide perfect forward secrecy and is susceptible to a Denning-Sacco attack. We then present an enhanced protocol to address such problems.
Keywords: Cryptography, Security, Authentication, Smart card, Key establishment, Forward secrecy, Denning-Sacco attack