Password authentication is extensively used to ensure controlled access to service providers over insecure networks. Many existing password authentication schemes use timestamps to avoid replay attacks. In this article, we argue that these existing schemes need extra time-synchronization mechanisms. With the expected delay-time limitation, these schemes can be affected by forgery attacks. Furthermore, the article proposes an enhanced scheme to avoid the possible attacks. Without timestamps, the enhanced scheme provides mutual authentication and session key agreement between the user and the server.
Relation:
Journal of Discrete Mathematical Sciences & Cryptography 10(5):603-612