Weaknesses of Two SAS-Like Password Authentication Schemes

Min-Hung CHIANG  Wei-Chi KU  

IEICE TRANSACTIONS on Communications   Vol.E89-B   No.2   pp.594-597
Publication Date: 2006/02/01
Online ISSN: 1745-1345
DOI: 10.1093/ietcom/e89-b.2.594
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories for Communications
denial-of-service attack,  password authentication,  reparability,  smart card,  

Full Text: PDF(69.9KB)>>
Buy this Article

In 2000, Sandirigama, Shimizu, and Noda proposed a simple password authentication scheme, SAS. However, SAS was later found to be flawed. Recently, Chen, Lee, Horng proposed two SAS-like schemes, which were claimed to be more secure than similar schemes. Herein, we show that both their schemes are still vulnerable to denial-of-service attacks. Additionally, Chen-Lee-Horng's second scheme is not easily reparable.