Efficient and secure password authentication schemes for low-power devices

Abstract

In 2003, Lin et al. proposed an improvement on the Optimal Strong-Password Authentication (OSPA) scheme to make the scheme withstand the stolen-verifier attack, using smart card. However, Ku et al. showed that Lin et al.'s scheme is vulnerable to the replay and the denial of service attack. In 2004, Chen et al. proposed a secure SAS-like password authentication schemes. Their schemes can protect a system against replay and denial-of-service attacks. In this paper, we propose two efficient and secure password authentication schemes which are able to withstand replay and denial-of-service attacks. The proposed schemes are more efficient than Chen et al.'s schemes in computation costs. Moreover, the proposed schemes can be implemented on most of target low-power devices such as smart cards and low-power Personal Digital Assistants in wireless networks.