Abstract:
In 2006, Ma et al. found flaws in the original and fixed versions of the PAP protocol by using a new knowledge based framework, and presented an enhanced PAP (M-PAP) protocol. In 2006 also, Yoon et al. proposed a secure password authentication protocol for wireless networks to fix the drawback of Ma et al.’s protocol. In this article, we will show that the Yoon et al.’s protocol is still vulnerable to both off-line password guessing attack and replay attack. We will present a new improved protocol to fix the flaw. As shown, the improved protocol is secure while the computation cost is quite low.