In 2000, Sandirigama, Shimizu, and Noda proposed a simple password authentication scheme, SAS. However, SAS was later found to be flawed. Recently, Chen, Lee, Horng proposed two SAS-like schemes, which were claimed to be more secure than similar schemes. Herein, we show that both their schemes are still vulnerable to denial-of-service attacks. Additionally, Chen-Lee-Horng's second scheme is not easily reparable.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Min-Hung CHIANG, Wei-Chi KU, "Weaknesses of Two SAS-Like Password Authentication Schemes" in IEICE TRANSACTIONS on Communications,
vol. E89-B, no. 2, pp. 594-597, February 2006, doi: 10.1093/ietcom/e89-b.2.594.
Abstract: In 2000, Sandirigama, Shimizu, and Noda proposed a simple password authentication scheme, SAS. However, SAS was later found to be flawed. Recently, Chen, Lee, Horng proposed two SAS-like schemes, which were claimed to be more secure than similar schemes. Herein, we show that both their schemes are still vulnerable to denial-of-service attacks. Additionally, Chen-Lee-Horng's second scheme is not easily reparable.
URL: https://global.ieice.org/en_transactions/communications/10.1093/ietcom/e89-b.2.594/_p
Copy
@ARTICLE{e89-b_2_594,
author={Min-Hung CHIANG, Wei-Chi KU, },
journal={IEICE TRANSACTIONS on Communications},
title={Weaknesses of Two SAS-Like Password Authentication Schemes},
year={2006},
volume={E89-B},
number={2},
pages={594-597},
abstract={In 2000, Sandirigama, Shimizu, and Noda proposed a simple password authentication scheme, SAS. However, SAS was later found to be flawed. Recently, Chen, Lee, Horng proposed two SAS-like schemes, which were claimed to be more secure than similar schemes. Herein, we show that both their schemes are still vulnerable to denial-of-service attacks. Additionally, Chen-Lee-Horng's second scheme is not easily reparable.},
keywords={},
doi={10.1093/ietcom/e89-b.2.594},
ISSN={1745-1345},
month={February},}
Copy
TY - JOUR
TI - Weaknesses of Two SAS-Like Password Authentication Schemes
T2 - IEICE TRANSACTIONS on Communications
SP - 594
EP - 597
AU - Min-Hung CHIANG
AU - Wei-Chi KU
PY - 2006
DO - 10.1093/ietcom/e89-b.2.594
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E89-B
IS - 2
JA - IEICE TRANSACTIONS on Communications
Y1 - February 2006
AB - In 2000, Sandirigama, Shimizu, and Noda proposed a simple password authentication scheme, SAS. However, SAS was later found to be flawed. Recently, Chen, Lee, Horng proposed two SAS-like schemes, which were claimed to be more secure than similar schemes. Herein, we show that both their schemes are still vulnerable to denial-of-service attacks. Additionally, Chen-Lee-Horng's second scheme is not easily reparable.
ER -