Weakness and solution of Yang et al.’s protected password changing scheme

摘要

Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents a new protected password change scheme using a public server key to resolve such problems. In contrast to Yang et al.’s protected password changing scheme, the proposed scheme can simply update user passwords without a complicated process, and also provides explicit key authentication and perfect forward secrecy in the case of a session key agreement.