Takasuke TSUJI Akihiro SHIMIZU
User authentication is necessary on the Internet and in mobile communications to protect the legitimate user's rights. One-time password authentication methods change the verifier every time by sending the present verifier along with the next verifier. However, such methods risk impersonation attacks because those protocols use two verifiers every session. The OSPA (Optimal Strong-Password Authentication) method is a one-time password method which prevents stolen-verifier problems, replay attacks, and denial of service attacks. In this letter, we devise an impersonation attack on the OSPA method and discuss how to break the OSPA method.
Takasuke TSUJI Akihiro SHIMIZU
The Internet and mobile communication systems are being developed, and related applications for managing personal information require user authentication for confirming legitimate users. One-time password authentication methods secure users' authority by changing the verifier every time. S/Key is a famous one-time password authentication scheme, which is based on Lamport's scheme. T.-C. Yeh et al. have pointed out security problems of the S/Key scheme and have proposed a variant of the S/Key scheme, which can be applied to smart cards. However, this method risks certain attacks, too. Those two proposed schemes use a counter value, which can easily be modified by an attacker. Herein we discuss security problems of the S/Key and Yeh-Shen-Hwang's password authentication schemes using forgery attacks and stolen-verifier attacks.
Takasuke TSUJI Akihiro SHIMIZU
Applications for transferring money or personal information are increasingly common on the Internet and in mobile communications. These applications require user authentication for confirming legitimate users. One-time password authentication methods change the verifier every time by sending the present verifier along with the next verifier. However, such methods risk attacks because those protocols use two verifiers every session. The SAS (Simple And Secure password authentication protocol) is a one-time password authentication method that uses a hash function five times, but it requires high overhead on low-spec machines. In this paper, we propose a new method, SAS-2, which reduces the overhead of hash function adaptation by 40%. This method has a mutual authentication phase, which maintains synchronous data communications in its authentication procedure. Moreover, SAS-2 can be applied to key-free systems.
Takasuke TSUJI Akihiro SHIMIZU
Software applications for the transfer of money or personal information are increasingly common on the Internet. These applications require user authentication for confirming legitimate users. One-time password authentication methods risk a stolen-verifier problem or other stealing attacks because the authentication on the Internet server stores the user's verifiers and secret keys. The SAS-2 (Simple And Secure password authentication protocol, ver.2) and the ROSI (RObust and SImple password authentication protocol) are secure password authentication protocols. However, we have found attacks on SAS-2 and ROSI. Here, we propose a new method which eliminates such problems without increasing the processing load and can provide the same high level of security as S/Key systems without resetting the verifier.