Password authentication schemes allow a user or client to log into a remote server if the identity of the user or client is successfully authenticated by the system server. Authentication is done by supplying a correct password of the user to the server. Research on how one can protect the password from an adversary in such schemes have become more and more crucial in this era of technology. In 1999, Yang and Shieh proposed two password authentication schemes; timestamp-based and nonce-based schemes. However, in 2005, Kim et al. showed that these schemes are insecure and proposed an improvement. Later in 2009, Liu and Zhong successfully proved Kim’s improved version also to be insecure butsuggested no further improvement. In this paper, we improve Kim et al.’s timestamp-based scheme and show that the improved version is secure against attacks found by Kim et al. and Liu &Zhong.

This content is only available via PDF.
You do not currently have access to this content.