New Robust Protocols for Remote User Authentication and Password Change
In 2008, Holbl et al. proposed improvements of Peyravian and Jeffries's DH (Diffie-Hellman)-based authentication protocol and password change protocol that can withstand the Shim's and Munilla et al.'s proposed off-line password guessing at-tacks. However, the authors found out that their protocols are still susceptible to off-line password guessing attacks and do not secure against stolen-verifier attacks. Accordingly, this paper shows the vulnerability of Holbl et al.'s improved protocols to off-line password guessing attacks and stolen-verifier attacks and then proposes new robust protocols for remote user authentication and password change to resolve such problems.