期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2007
卷号:1
期号:2
出版社:SERSC
摘要:In 2003, Yang, Chang, and Hwang proposed an enhanced scheme of Peyravivan-Zunic’s password authentication scheme by using the Diffie-Hellman scheme. Later, Yoon, Ryu, and Yoo demonstrated that Yang-Chang-Hwang’s scheme is vulnerable to a stolen-verifier attack and a denial-of-service attack, and then proposed an improved scheme. In this paper, we show that Yoon-Ryu-Yoo’s scheme is still vulnerable to a stolen-verifier attack and a server spoofing attack under some reasonable assumption. In addition, we propose an improved scheme to eliminate such security flaws.
