International Association for Cryptologic Research (IACR)
Abstract
Recently, M. Hölbl et al. and I. E. Liao et al. each proposed an user
authentication protocol. Both claimed that their schemes can withstand
password guessing attack. However, T. Xiang et al. pointed out
I. E. Liao et al.\u27s protocol suffers three kinds of attacks, including
password guessing attacks. We present an improvement protocol to get
rid of password guessing attacks. In this paper, we first point out
the security loopholes of M. Hölbl et al.\u27s protocol and review
T. Xiang et al.\u27s cryptanalysis on I. E. Liao et al.\u27s protocol. Then,
we present the improvements on M. Hölbl et al.\u27s protocol and
I. E. Liao et al.\u27s protocol, respectively