Password authentication protocols range from complex public-key cryptosystems to simple hash-based password authentication schemes. One common feature of these protocols is that the user's identity is transmitted in plain during the authentication process, which allows an attacker to monitor the user's activities. In many cases, the user's anonymity is a desirable security feature. In this paper, we propose a hash-based Strong Password Authentication Protocol with user Anonymity (SPAPA). We also analyze the security of our proposed scheme against known attacks.
Kumar V. Mangipudi, Rajendra S. Katti