Comments on Three Multi-Server Authentication Protocols

نویسندگان

  • Yalin Chen
  • Jue-Sam Chou
  • Wen-Yi Tsai
چکیده

Recently, Tsai et al., Liao et al. and Li et al. each proposed a multi-server authentication protocol. They claimed their protocols are secure and can withstand various attacks. However, we found some security loopholes in each of their schemes, for example, both Tsai et al.’s and Liao et al.‘s schemes suffers from server spoofing attack by an insider server. Li et al.s’ suffers from the lost smart card password-guessing attack. In addition, Liao et al.‘s scheme also has the off-line password-guessing attack. In this paper, we will first review then show the attacks on each of the schemes. Then, based on Li et al.’s scheme, we proposed a novel one and examined its security in several security features. After security analysis, we concluded that our protocol outperformed Li et al.’s scheme in the security feature of lost smart card password-guessing attack.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Comments on two multi-server authentication protocols

Recently, Tsai and Liao et al. each proposed a multi-server authentication protocol. They claimed their protocols are secure and can withstand various attacks. But we found some security loopholes in each protocol. We will show the attacks on their schemes.

متن کامل

Comments on four multi-server authentication protocols using smart card

Recently, researchers have proposed several nice multi-server authentication protocols. They claim that their protocols are secure and can withstand various attacks. However, after reviewing their schemes, we found that they although are perfect whereas flawed. Due to this observation, in this paper, we list the weakness found in these recent literatures.

متن کامل

Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions

Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...

متن کامل

An ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure

Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication.  This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...

متن کامل

Dynamic Identity Based Authentication Protocol for Two-Server Architecture

Most of the password based authentication protocols make use of the single authentication server for user’s authentication. User’s verifier information stored on the single server is a main point of susceptibility and remains an attractive target for the attacker. On the other hand, multi-server architecture based authentication protocols make it difficult for the attacker to find out any signi...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2013  شماره 

صفحات  -

تاریخ انتشار 2013