A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks

被引：18

作者：

Tsai, Jia-Lun ^{[1
]}

Lo, Nai-Wei ^{[1
]}

Wu, Tzong-Chen ^{[1
,2
]}

机构：

[1] Natl Taiwan Univ Sci & Technol, Dept Informat Management, Taipei 106, Taiwan

[2] Natl Taiwan Univ Sci & Technol, Taiwan Informat Secur Ctr TWISC, Taipei 106, Taiwan

来源：

WIRELESS PERSONAL COMMUNICATIONS | 2013年 / 71卷 / 03期

关键词：

Password; Multi-server; Authentication scheme; Undetectable on-line password-guessing attack; WATERMARKING; ARCHITECTURE; IMPROVEMENT; PROTOCOL;

D O I：

10.1007/s11277-012-0918-6

中图分类号：

TN [电子技术、通信技术];

学科分类号：

0809 ;

摘要：

A multi-server authentication scheme is a useful authentication mechanism in which a remote user can access the services of multiple servers after registering with the registration center (RC). This study shows that the password-based multi-server authentication scheme proposed by Yeh and Lo is vulnerable to undetectable password-guessing attack and offline password-guessing attack. This study proposes a new password-based multi-server authentication scheme to overcome these vulnerabilities. The proposed protocol introduces a new mechanism for protecting user password. The RC sends an alternative key to help the server verify the legitimacy of user instead of the user's password. The values of these keys are changed with a random large nonce in each session. Therefore, the password-guessing attack cannot work successfully on the proposed scheme.

引用

页码：1977 / 1988

页数：12

共 50 条

[1] A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks
Jia-Lun Tsai
Nai-Wei Lo
Tzong-Chen Wu
[J]. Wireless Personal Communications, 2013, 71 : 1977 - 1988
[2] Countermeasure on Password-Based Authentication Scheme for Multi-server Environments
Lee, Youngsook
Kim, Jiye
Won, Dongho
[J]. MULTIMEDIA AND UBIQUITOUS ENGINEERING, 2014, 308 : 459 - 466
[3] SSO password-based multi-server authentication protocol
Sood, Sandeep K.
Sarje, Anil K.
Singh, Kuldip
[J]. INTERNATIONAL JOURNAL OF COMMUNICATION NETWORKS AND DISTRIBUTED SYSTEMS, 2012, 9 (1-2) : 161 - 180
[4] A Threshold Multi-Server Protocol for Password-Based Authentication
Guan, Mengxiang
Song, Jiaxing
Liu, Weidong
[J]. 2016 IEEE 3RD INTERNATIONAL CONFERENCE ON CYBER SECURITY AND CLOUD COMPUTING (CSCLOUD), 2016, : 108 - 118
[5] New multi-server password authentication scheme using neural networks
Yoon, EJ
Yoo, KY
[J]. ADVANCES IN NATURAL COMPUTATION, PT 2, PROCEEDINGS, 2005, 3611 : 512 - 519
[6] Efficient and secure password-based authentication protocols against guessing attacks
Kwon, T
Song, J
[J]. COMPUTER COMMUNICATIONS, 1998, 21 (09) : 853 - 861
[7] Efficient and secure password-based authentication protocols against guessing attacks
Yonsei Univ, Seoul, Korea, Republic of
[J]. Comput Commun, 9 (853-861):
[8] Password-based authentication: Preventing dictionary attacks
Chakrabarti, Saikat
Singhal, Mukesh
[J]. COMPUTER, 2007, 40 (06) : 68 - +
[9] Cryptanalysis and Enhancement of a Password-Based Authentication Scheme
Eldefrawy, Mohamed H.
Al-Muhtadi, Jalal F.
[J]. 2015 IEEE 7TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM), 2015, : 548 - 551
[10] Cryptanalysis of Tan's improvement on a password authentication scheme for multi-server environments
Feng, Tung-Huang
Ling, Chung-Huei
Hwang, Min-Shiang
[J]. International Journal of Network Security, 2014, 16 (04) : 318 - 321

← 1 2 3 4 5 →