Cryptanalysis on One-Time Password Authentication Schemes Using Counter Value

Takasuke TSUJI

IEICE TRANSACTIONS on Communications   Vol.E87-B    No.6    pp.1756-1759
Publication Date: 2004/06/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Internet
authentication,  one-time password,  attack,  smart card,  counter value,  

Full Text: PDF(73.6KB)>>
Buy this Article

The Internet and mobile communication systems are being developed, and related applications for managing personal information require user authentication for confirming legitimate users. One-time password authentication methods secure user's authorities by changing the verifier every time. The S/Key is a famous one-time password authentication scheme, which is based on Lamport's scheme. T.-C. Yeh et al. have point out security problems of the S/Key scheme and have proposed a variant of the S/Key scheme, which can be applied to smart cards. However, this method risks certain attacks, too. Those two proposed schemes use counter value, which can easily be modified by an attacker. Herein we discuss security problems of the S/Key and Yeh-Shen-Hwang's password authentication schemes using forgery attacks and stolen-verifier attacks.