Secure Authentication Protocols Resistant to Guessing Attacks
Authors
Abstract
Users are normally authenticated via their passwords in computer systems. Since people tend to choose passwords that can be easily remembered, the systems are under the threat of guessing attacks. Many authentication and key distribution protocols have been proposed to protect user passwords from guessing attacks. However, these protocols either are limited to some specific environments or incur high computation and communication costs. In the paper, we first specify five common forms of guessing attacks, which are used to determine whether a protocol is vulnerable to those attacks. Based on these common forms, some guidelines are provided for developing secure protocols that can be used in both symmetric and asymmetric cryptosystems to defend against guessing attacks. Finally, we enhance the well-known authentication system Kerberos and propose two authentication and key distribution protocols, which are both resistant to guessing attacks.
Similar resources
HMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
Optimal authentication protocols resistant to password guessing attacks
Users are typically authenticated by their passwords. Because people are known to choose convenient passwords, which tend to be easy to guess, authentication protocols have been developed that protect user passwords from guessing attacks. These proposed protocols, however, use more messages and rounds than those protocols that are not resistant to guessing attacks. This paper gives new protoc...
Analysis and Improvement of a User Authentication Improved Protocol
Remote user authentication always adopts the method of password to login the server within insecure network environments. Recently, Peyravin and Jeffries proposed a practical authentication scheme based on one-way collision-resistant hash functions. However, Shim and Munilla independently showed that the scheme is vulnerable to off-line guessing attacks. In order to remove the weakness, Hölbl, W...
A Secure Hash-Based Strong-Password Authentication Protocol Using One-Time Public-Key Cryptography
Secure communication is an important issue in networks and user authentication is a very important part of the security. Several strong-password authentication protocols have been introduced, but there is no fully secure authentication scheme that can resist all known attacks. We propose enhanced secure schemes with registration and login protocols, and add the “forget password” and password/ve...
Efficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-...
Journal title:
- J. Inf. Sci. Eng.
Volume 22, Issue
Pages -
Publication date 2006