Abstract
Many password authentication schemes have been proposed for electronic commerce environment; however, none of them is secure enough. Hwang and Yeh proposed an improvement on the Peyravian-Zunic password authentication scheme including protected password transmission and password change. We demonstrate that the Hwang-Yeh scheme is also vulnerable to several kinds of attacks though the scheme has repaired some security problems of the Peyravianis-Zunic scheme. Furthermore, we propose an improved scheme to enhance security of their scheme in the paper. Based on collision-resistant hash function, the proposal employs techniques of salting, time stamp and trusted computing to be free from worries of possible common attacks, such as replay attack, guessing attack, stolen-verifier attack, denial of service attack, impersonation attack, and server spoofing attack. According to security analysis over insecure networks, the proposed scheme is the most secure scheme among the Peyravian-Zunic scheme, the Hwang-Yeh scheme, the Peyravian-Jeffries scheme, and the Wang-Zhang scheme.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
