Stolen-Verifier Attack on an Efficient Smartcard-Based One-Time Password Authentication Scheme

Wei-Chi KU  Hao-Chuan TSAI  Maw-Jinn TSAUR  

IEICE TRANSACTIONS on Communications   Vol.E87-B   No.8   pp.2374-2376
Publication Date: 2004/08/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
smartcard,  password,  authentication,  S/KEY,  hash function,  

Full Text: PDF(69.6KB)>>
Buy this Article

Recently, Yeh, Shen, and Hwang proposed a smartcard-based one-time password authentication scheme as an improved version of S/KEY, and claimed that their scheme is superior to other similar schemes in security and efficiency. In this letter, we show that Yeh-Shen-Hwang's scheme is still vulnerable to a stolen-verifier attack that may cause serious security problems.