Cryptanalysis on One-Time Password Authentication Schemes Using Counter Value
Summary :
The Internet and mobile communication systems are being developed, and related applications for managing personal information require user authentication for confirming legitimate users. One-time password authentication methods secure user's authorities by changing the verifier every time. The S/Key is a famous one-time password authentication scheme, which is based on Lamport's scheme. T.-C. Yeh et al. have point out security problems of the S/Key scheme and have proposed a variant of the S/Key scheme, which can be applied to smart cards. However, this method risks certain attacks, too. Those two proposed schemes use counter value, which can easily be modified by an attacker. Herein we discuss security problems of the S/Key and Yeh-Shen-Hwang's password authentication schemes using forgery attacks and stolen-verifier attacks.
- Publication
- IEICE TRANSACTIONS on Communications Vol.E87-B No.6 pp.1756-1759
- Publication Date
- 2004/06/01
- Publicized
- Online ISSN
- DOI
- Type of Manuscript
- LETTER
- Category
- Internet
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Takasuke TSUJI, Akihiro SHIMIZU, "Cryptanalysis on One-Time Password Authentication Schemes Using Counter Value" in IEICE TRANSACTIONS on Communications,
vol. E87-B, no. 6, pp. 1756-1759, June 2004, doi: .
Abstract: The Internet and mobile communication systems are being developed, and related applications for managing personal information require user authentication for confirming legitimate users. One-time password authentication methods secure user's authorities by changing the verifier every time. The S/Key is a famous one-time password authentication scheme, which is based on Lamport's scheme. T.-C. Yeh et al. have point out security problems of the S/Key scheme and have proposed a variant of the S/Key scheme, which can be applied to smart cards. However, this method risks certain attacks, too. Those two proposed schemes use counter value, which can easily be modified by an attacker. Herein we discuss security problems of the S/Key and Yeh-Shen-Hwang's password authentication schemes using forgery attacks and stolen-verifier attacks.
URL: https://global.ieice.org/en_transactions/communications/10.1587/e87-b_6_1756/_p
Copy
@ARTICLE{e87-b_6_1756,
author={Takasuke TSUJI, Akihiro SHIMIZU, },
journal={IEICE TRANSACTIONS on Communications},
title={Cryptanalysis on One-Time Password Authentication Schemes Using Counter Value},
year={2004},
volume={E87-B},
number={6},
pages={1756-1759},
abstract={The Internet and mobile communication systems are being developed, and related applications for managing personal information require user authentication for confirming legitimate users. One-time password authentication methods secure user's authorities by changing the verifier every time. The S/Key is a famous one-time password authentication scheme, which is based on Lamport's scheme. T.-C. Yeh et al. have point out security problems of the S/Key scheme and have proposed a variant of the S/Key scheme, which can be applied to smart cards. However, this method risks certain attacks, too. Those two proposed schemes use counter value, which can easily be modified by an attacker. Herein we discuss security problems of the S/Key and Yeh-Shen-Hwang's password authentication schemes using forgery attacks and stolen-verifier attacks.},
keywords={},
doi={},
ISSN={},
month={June},}
Copy
TY - JOUR
TI - Cryptanalysis on One-Time Password Authentication Schemes Using Counter Value
T2 - IEICE TRANSACTIONS on Communications
SP - 1756
EP - 1759
AU - Takasuke TSUJI
AU - Akihiro SHIMIZU
PY - 2004
DO -
JO - IEICE TRANSACTIONS on Communications
SN -
VL - E87-B
IS - 6
JA - IEICE TRANSACTIONS on Communications
Y1 - June 2004
AB - The Internet and mobile communication systems are being developed, and related applications for managing personal information require user authentication for confirming legitimate users. One-time password authentication methods secure user's authorities by changing the verifier every time. The S/Key is a famous one-time password authentication scheme, which is based on Lamport's scheme. T.-C. Yeh et al. have point out security problems of the S/Key scheme and have proposed a variant of the S/Key scheme, which can be applied to smart cards. However, this method risks certain attacks, too. Those two proposed schemes use counter value, which can easily be modified by an attacker. Herein we discuss security problems of the S/Key and Yeh-Shen-Hwang's password authentication schemes using forgery attacks and stolen-verifier attacks.
ER -
English
