Robust and Simple Authentication Protocol for Secure Communication on the Web

  • Eun-Jun Yoon
  • Woo-Hun Kim
  • Kee-Young Yoo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3579)


User authentication is, together with confidentiality and integrity, an essential part of security for systems that allow remote access over untrusted networks such as the Web. In 2005, Chien, Wang and Yang (CWY) pointed out that Chien and Jan's ROSI protocol requires state synchronization between the client and the server, and that this state-synchronization property makes it vulnerable to a denial-of-service (DoS) attack. They then proposed an improved protocol that removes these weaknesses, extends the protocol with key agreement, and improves the server's performance. Nevertheless, CWY's improved ROSI protocol does not provide perfect forward secrecy and is vulnerable to a Denning-Sacco attack: an adversary who later obtains the long-term secret can recover past session keys, and an adversary who compromises an old session key can reuse it to impersonate a party in a later run. Accordingly, the current paper demonstrates these two weaknesses of CWY's protocol and then presents an enhanced protocol that eliminates them.


Keywords: Cryptography, Security, Authentication, Smart card, Key establishment, Forward secrecy, Denning-Sacco attack
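The two properties named in the abstract, perfect forward secrecy and resistance to a Denning-Sacco attack, illustrated on two constructed toy schemes. This is an added example, not code from the paper, and it does not reproduce the ROSI or CWY message flows, which are not given on this page. Scheme A derives the session key from the shared long-term secret and a nonce; scheme B derives it from ephemeral Diffie-Hellman and authenticates with the long-term secret. The group parameters, message formats and function names are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for this illustration only;
# 2^127-1 is prime but far too small (and not a safe prime) for real use.
P = 2**127 - 1
G = 3


def i2b(x: int) -> bytes:
    """Fixed-width encoding of a group element (all values are < 2^128)."""
    return x.to_bytes(16, "big")


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, H(*parts), hashlib.sha256).digest()


# Scheme A (constructed, no PFS): the session key is a function of the shared
# long-term secret K and a client nonce n.
#   1. C -> S : n
#   2. S -> C : c            (fresh server challenge)
#   3. C -> S : MAC_sk(n, c) with sk = H(K, n)
def scheme_a_client(K: bytes, n=None):
    n = n or secrets.token_bytes(16)
    return n, H(K, n)


def scheme_a_server(K: bytes, n: bytes, c: bytes, proof: bytes) -> bool:
    sk = H(K, n)
    return hmac.compare_digest(mac(sk, n, c), proof)


# Scheme B (constructed, PFS): ephemeral Diffie-Hellman authenticated with K.
#   1. C -> S : A = g^a
#   2. S -> C : B = g^b, c
#   3. C -> S : MAC_K(A, B, c);  both sides set sk = H(g^ab, A, B)
def scheme_b_ephemeral():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def scheme_b_key(my_exp: int, peer_pub: int, A: int, B: int) -> bytes:
    return H(i2b(pow(peer_pub, my_exp, P)), i2b(A), i2b(B))


def scheme_b_server_verify(K: bytes, A: int, B: int, c: bytes, proof: bytes) -> bool:
    return hmac.compare_digest(mac(K, i2b(A), i2b(B), c), proof)


def demo_forward_secrecy():
    """Attacker records one run of each scheme, later obtains K, and tries to
    recover the recorded run's session key from K and the transcript alone."""
    K = secrets.token_bytes(32)
    n, sk_a = scheme_a_client(K)                       # scheme A run
    a, A = scheme_b_ephemeral()                        # scheme B run
    b, B = scheme_b_ephemeral()
    sk_b = scheme_b_key(a, B, A, B)
    assert sk_b == scheme_b_key(b, A, A, B)            # both sides agree
    # K leaks. Scheme A: sk is a pure function of (K, n), so it is recovered.
    a_broken = H(K, n) == sk_a
    # Scheme B: without a or b the attacker has only (K, A, B); g^ab is not
    # computable from those (DH assumption), so sk_b is not recovered.
    b_broken = H(K, i2b(A), i2b(B)) == sk_b
    return a_broken, b_broken                          # (True, False)


def demo_denning_sacco():
    """Attacker who holds an old session key (and its transcript) tries to pass
    authentication in a new run against a fresh server challenge."""
    K = secrets.token_bytes(32)
    # Scheme A: replaying the old nonce makes the server re-derive the same
    # compromised sk, so a MAC under sk over the fresh challenge verifies.
    n_old, sk_old = scheme_a_client(K)
    c_new = secrets.token_bytes(16)
    a_accepted = scheme_a_server(K, n_old, c_new, mac(sk_old, n_old, c_new))
    # Scheme B: the old sk_b is useless; step 3 needs a MAC under K, and the
    # server's fresh B' means the old key is never re-derived anyway.
    a_old, A_old = scheme_b_ephemeral()
    _, B_old = scheme_b_ephemeral()
    sk_b_old = scheme_b_key(a_old, B_old, A_old, B_old)
    _, B_new = scheme_b_ephemeral()
    c_new2 = secrets.token_bytes(16)
    forged = mac(sk_b_old, i2b(A_old), i2b(B_new), c_new2)
    b_accepted = scheme_b_server_verify(K, A_old, B_new, c_new2, forged)
    return a_accepted, b_accepted                      # (True, False)


if __name__ == "__main__":
    print("forward secrecy broken (A, B):", demo_forward_secrecy())
    print("Denning-Sacco accepted (A, B):", demo_denning_sacco())
```

The check for scheme B in `demo_forward_secrecy` only shows that the session key is not a function of the long-term secret and the transcript; the actual guarantee rests on the Diffie-Hellman assumption, which no test can exhibit. Scheme A, by contrast, fails both properties for the same structural reason: its session key is fully determined by material that survives the session.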


  1. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, New York (1997)
  2. Lin, C.L., Hwang, T.: A Password Authentication Scheme with Secure Password Updation. Computers & Security 22(1), 68–72 (2003)
  3. Sandirigama, M., Shimizu, A., Noda, M.T.: Simple and Secure Password Authentication Protocol (SAS). IEICE Transactions on Communications E83-B(6), 1363–1365 (2000)
  4. Kamioka, T., Shimizu, A.: The Examination of the Security of SAS One-time Password Authentication. IEICE Technical Report OFS2001-48, No. 435, pp. 53–58 (2001)
  5. Lin, C.L., Sun, H.M., Hwang, T.: Attacks and Solutions on Strong-password Authentication. IEICE Transactions on Communications E84-B(9), 2622–2627 (2001)
  6. Peyret, P., Lisimaque, G., Chua, T.Y.: Smart Cards Provide Very High Security and Flexibility in Subscribers Management. IEEE Transactions on Consumer Electronics 36(3), 744–752 (1990)
  7. Sternglass, D.: The Future Is in the PC Cards. IEEE Spectrum 29(6), 46–50 (1992)
  8. Chien, H.Y., Jan, J.K.: Robust and Simple Authentication Protocol. The Computer Journal 46(2), 193–201 (2003)
  9. Chien, H.Y., Wang, R.C., Yang, C.C.: Note on Robust and Simple Authentication Protocol. The Computer Journal 48(1), 27–29 (2005)
  10. Steiner, M., Tsudik, G., Waidner, M.: Refinement and Extension of Encrypted Key Exchange. ACM Operating Systems Review 29(3), 22–30 (1995)
  11. Denning, D., Sacco, G.: Timestamps in Key Distribution Systems. Communications of the ACM 24(8), 533–536 (1981)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Eun-Jun Yoon (1)
  • Woo-Hun Kim (2)
  • Kee-Young Yoo (1)
  1. Department of Computer Engineering, Kyungpook National University, Daegu, Republic of Korea
  2. Department of Information Security, Kyungpook National University, Daegu, Republic of Korea
