Enhancement of a timestamp-based password authentication scheme

Wenhua Qi; Qishan Zhang; Jianwei Liu

Enhancement of a timestamp-based password authentication scheme

Wenhua Qi^*
, Qishan Zhang
, Jianwei Liu

^*此作品的通讯作者

网络空间安全学院

Beihang University

科研成果: 期刊稿件 › 文章 › 同行评审

摘要

Yang and Shieh have proposed a timestamp-based password authentication scheme using smart card. The weakness of Yang and Shieh's scheme is submitting password in plaintext and not authenticating key information center(KIC) by user. The new scheme improved the process of registration, login, authentication and update password. The user submitted the password's hash value instead of the password's plaintext, and shared the secret information with the KIC. Submitting the password's hash value is the same as password in authentication, and avoiding the password's exposure. With the secret information, the user can authenticate the KIC. The new scheme can overcome all of the above vulnerabilities, can resist the forged login attack and never revel the privacy of user even if the server is attacked.

源语言	英语
页（从-至）	577-579
页数	3
期刊	Beijing Hangkong Hangtian Daxue Xuebao/Journal of Beijing University of Aeronautics and Astronautics
卷	33
期	5
出版状态	已出版 - 5月 2007

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{26e8f733ec5c4377b30071a48d71540b,

title = "Enhancement of a timestamp-based password authentication scheme",

abstract = "Yang and Shieh have proposed a timestamp-based password authentication scheme using smart card. The weakness of Yang and Shieh's scheme is submitting password in plaintext and not authenticating key information center(KIC) by user. The new scheme improved the process of registration, login, authentication and update password. The user submitted the password's hash value instead of the password's plaintext, and shared the secret information with the KIC. Submitting the password's hash value is the same as password in authentication, and avoiding the password's exposure. With the secret information, the user can authenticate the KIC. The new scheme can overcome all of the above vulnerabilities, can resist the forged login attack and never revel the privacy of user even if the server is attacked.",

keywords = "Authentication, Forged login attack, Smart card, Timestamp-based",

author = "Wenhua Qi and Qishan Zhang and Jianwei Liu",

year = "2007",

month = may,

language = "英语",

volume = "33",

pages = "577--579",

journal = "Beijing Hangkong Hangtian Daxue Xuebao/Journal of Beijing University of Aeronautics and Astronautics",

issn = "1001-5965",

publisher = "Beijing University of Aeronautics and Astronautics (BUAA)",

number = "5",

}

TY - JOUR

T1 - Enhancement of a timestamp-based password authentication scheme

AU - Qi, Wenhua

AU - Zhang, Qishan

AU - Liu, Jianwei

PY - 2007/5

Y1 - 2007/5

N2 - Yang and Shieh have proposed a timestamp-based password authentication scheme using smart card. The weakness of Yang and Shieh's scheme is submitting password in plaintext and not authenticating key information center(KIC) by user. The new scheme improved the process of registration, login, authentication and update password. The user submitted the password's hash value instead of the password's plaintext, and shared the secret information with the KIC. Submitting the password's hash value is the same as password in authentication, and avoiding the password's exposure. With the secret information, the user can authenticate the KIC. The new scheme can overcome all of the above vulnerabilities, can resist the forged login attack and never revel the privacy of user even if the server is attacked.

AB - Yang and Shieh have proposed a timestamp-based password authentication scheme using smart card. The weakness of Yang and Shieh's scheme is submitting password in plaintext and not authenticating key information center(KIC) by user. The new scheme improved the process of registration, login, authentication and update password. The user submitted the password's hash value instead of the password's plaintext, and shared the secret information with the KIC. Submitting the password's hash value is the same as password in authentication, and avoiding the password's exposure. With the secret information, the user can authenticate the KIC. The new scheme can overcome all of the above vulnerabilities, can resist the forged login attack and never revel the privacy of user even if the server is attacked.

KW - Authentication

KW - Forged login attack

KW - Smart card

KW - Timestamp-based

UR - https://www.scopus.com/pages/publications/34347259563

M3 - 文章

AN - SCOPUS:34347259563

SN - 1001-5965

VL - 33

SP - 577

EP - 579

JO - Beijing Hangkong Hangtian Daxue Xuebao/Journal of Beijing University of Aeronautics and Astronautics

JF - Beijing Hangkong Hangtian Daxue Xuebao/Journal of Beijing University of Aeronautics and Astronautics

IS - 5

ER -

Enhancement of a timestamp-based password authentication scheme

摘要

其它文件与链接

指纹

引用此