Secure SAS-like password authentication schemes

Recently, there are several articles proposed for the so-called SAS password authentication scheme with lower storage, processing, and transmission overheads. For benefiting from these advantages, there are a series of researches on the SAS-like schemes. However, as knowledge of cryptanalysis has involved, a series of modification have been made. Unfortunately, those enhancements have still security flaws. In this paper, a security issue is found in the latest modification and removed to form a new one. The proposed schemes not only keep the original advantages but also highlight a feature, mutual authentication between a user and a remote server, found in many authentication protocols but not found in the SAS-like schemes. (C) 2004 Elsevier B.V. All tights reserved

Cryptanalysis and enhancement of authentication protocols

Authentication protocols play important roles in network security. A variety of authentication protocols ranging from complex public-key cryptosystems to simple password-based authentication schemes have been proposed. However, currently there is no fully secure authentication scheme that can resist all known attacks. When a user authentication is performed over an insecure network, additional problems arise due to the fact that the communication may be intercepted, or even altered, by an attacker. In general, one cannot assume that there is a secure channel between the client and the server. In this dissertation, we present specific cryptanalytic attacks on existing protocols and show their vulnerabilities in order to design more secure protocols. In particular, we propose improved security schemes to overcome certain security defects with registration, login, and password/identifier-change schemes. We also propose new authentications schemes which are more secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks than the existing protocols