A secure strong password authentication protocol

Nowadays, password-based authenticated protocol receives more and more attentions due to their convenience and practicality for service provider and end-users despite the user of passwords drawn from a space so small that an adversary might enumerate, offline, all possible passwords to get a correct one. Among the password-based schemes, a one-time password authentication scheme requires less computation and considers the limitations of mobile devices and it is suitable for computational constrained environments. Existing one-time password authentication scheme can be divided into two types, weak-password authentication scheme and strong-password authentication schemes. Compared to weak password, which can be guessed easily because of its low entropy, strong password has higher entropy and thus can not be guessed easily. Benefits from the strong password, lots of strong passwords schemes are proposed over pass ten years. However, many of them are lately proven insecure. In this paper, we review the recently W. C. Ku´s scheme and show an attack against his protocol. Later, we present a impovement strong password authentication scheme which is more secure than the original W. C. Ku´s schem.