We analyze and improve the security of the efficient password-based authentication protocol that has been proposed recently in the Australasian Conference on Information Security and Privacy (ACISP) 2003. Its distinct idea is to utilize two generators of a certain cyclic group for efficiency, while the protocol is vulnerable to the server compromise attack on the contrary to the original assumption. Fortunately, we improve its security in this paper and also remark on its extended version called EPA+.
Bibliographical noteFunding Information:
Manuscript received April 3, 2004. The associate editor coordinating the review of this letter and approving it for publication was Prof. Chuan-Kun Wu. This work was supported in part by Grant R08-2003-000-11029-0 from the Basic Research Program of the Korea Science & Engineering Foundation. T. Kwon is with the Faculty of the School of Computer Engineering, Sejong University, Seoul, Korea (e-mail: email@example.com). Y. Park is with the Faculty of Sejong Cyber University, Seoul, Korea. H. Lee is with the Faculty of the Department of Mathematics, Kangnam University, Yong-In, Korea. Digital Object Identifier 10.1109/LCOMM.2005.01032.
All Science Journal Classification (ASJC) codes
- Modelling and Simulation
- Computer Science Applications
- Electrical and Electronic Engineering