For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Stolen-Verifier Attack on an Efficient Smartcard-Based One-Time Password Authentication Scheme
Wei-Chi KU Hao-Chuan TSAI Maw-Jinn TSAUR
IEICE TRANSACTIONS on Communications
Publication Date: 2004/08/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
smartcard, password, authentication, S/KEY, hash function,
Full Text: PDF(69.6KB)>>
Recently, Yeh, Shen, and Hwang proposed a smartcard-based one-time password authentication scheme as an improved version of S/KEY, and claimed that their scheme is superior to other similar schemes in security and efficiency. In this letter, we show that Yeh-Shen-Hwang's scheme is still vulnerable to a stolen-verifier attack that may cause serious security problems.