Optimal authentication protocols resistant to password guessing attacks
نویسنده
چکیده
Users are typically authenticated by their passwords. Because people are known to choose convenient passwords, which tend to be easy to guess, authenti-cation protocols have been developed that protect user passwords from guessing attacks. These proposed protocols , however, use more messages and rounds than those protocols that are not resistant to guessing attacks. This paper gives new protocols that are resistant to guessing attacks and also optimal in both messages and rounds, thus refuting the previous belief that protection against guessing attacks makes an authen-tication protocol inherently more expensive.
منابع مشابه
Cryptanalysis of a User Authentication Protocol
Recently, Peyravin and Jeffries proposed a password-based practical authentication scheme using oneway collision-resistant hash functions. However, Shim and Munilla independently showed that the scheme is vulnerable to off-line guessing attacks. Hölbl, Welzer and Brumenn presented an improved password-based protocols. In the paper, we showed that the improved scheme still suffers from off-line ...
متن کاملSecure Authentication Protocols Resistant to Guessing Attacks
Users are normally authenticated via their passwords in computer systems. Since people tend to choose passwords that can be easily remembered, the systems are under the threat of guessing attacks. Many authentication and key distribution protocols have been proposed to protect user passwords from guessing attacks. However, these protocols either are limited to some specific environments or incu...
متن کاملUndetectable On{line Password Guessing Attacks Undetectable On-line Password Guessing Attacks
Limited distribution notes: This report has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher its distribution outside the University of Technology Chemnitz-Zwickau prior to publication should be limited to peer communications and speciic requests. After outside publication, requests should be lled only by rep...
متن کاملAnalysis and Improvement of a User Authentication Improved Protocol
Remote user authentication always adopts the method of password to login the server within insecure network environments. Recently, Peyravin and Jeffries proposed a practical authentication scheme based on oneway collision-resistant hash functions. However, Shim and Munilla independently showed that the scheme is vulnerable to off-line guessing attacks. In order to remove the weakness, Hölbl, W...
متن کاملEfficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-...
متن کامل