Download now Free registration required
Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee's scheme proposed in 2004. However, the authors found that Tsai's scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. This paper describes the drawbacks of Tsai's scheme and provides a countermeasure to satisfy the forward secrecy property.
- Format: PDF
- Size: 151.1 KB