Offline Password Guessing Attacks on Smart-Card-Based Remote User Authentication Schemes

被引：2

作者：

Li, Xue-lei ^{[1
]}

Wen, Qiao-yan ^{[1
]}

Zhang, Hua ^{[1
]}

Jin, Zheng-ping ^{[1
]}

Li, Wen-min ^{[1
]}

机构：

[1] Beijing Univ Posts & Telecommun, State Key Lab Networking & Switching Technol, Beijing 100876, Peoples R China

来源：

PROCEEDINGS OF THE 6TH INTERNATIONAL ASIA CONFERENCE ON INDUSTRIAL ENGINEERING AND MANAGEMENT INNOVATION, VOL 2: INNOVATION AND PRACTICE OF INDUSTRIAL ENGINEERING AND MANAGMENT | 2016年

关键词：

Authentication; Password; Security; Smart card; IMPROVEMENT; SECURITY;

D O I：

10.2991/978-94-6239-145-1_9

中图分类号：

T [工业技术];

学科分类号：

08 ;

摘要：

Password as an easy-to-remember credential plays an important role in remote user authentication schemes, while drawing from a space so small that an adversary may exhaustively search all possible candidate passwords to guess the correct one. In order to enhance the security of the password authentication scheme, smart card is introduced as the second factor to construct two-factor authentication scheme. However, we find out that two latest smart-card-based password authentication schemes are vulnerable to offline password guessing attacks under the definition of secure two-factor authentication. Furthermore, in order to show the serious consequence of offline password guessing attacks, we illustrate that the password compromise impersonation attacks as further threats are effective to break down the authentication schemes. Finally, we conclude the reasons why these weaknesses exist and present our improved ideas to avoid these problems in the future.

引用

页码：81 / 89

页数：9

共 50 条

[1] Robust smart-card-based remote user password authentication scheme
Chen, Bae-Ling
Kuo, Wen-Chung
Wuu, Lih-Chyau
[J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2014, 27 (02) : 377 - 389
[2] Cryptanalysis of 'A Robust Smart-Card-Based Remote User Password Authentication Scheme'A
Kumari, Saru
Bin Muhaya, Fahad
Khan, Muhammad Khurram
Kumar, Rahul
[J]. 2013 INTERNATIONAL SYMPOSIUM ON BIOMETRICS AND SECURITY TECHNOLOGIES (ISBAST), 2013, : 247 - 250
[3] Cryptanalysis and improvement of 'a robust smart-card-based remote user password authentication scheme'
Kumari, Saru
Khan, Muhammad Khurram
[J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2014, 27 (12) : 3939 - 3955
[4] A Smart-Card-Based Remote User Authentication Protocol with Privacy Support
Lu, Jian-Zhu
Deng, Shengyuan
Zhou, Jipeng
Fan, Xiuwei
Yang, Hao
[J]. 2012 13TH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS, AND TECHNOLOGIES (PDCAT 2012), 2012, : 96 - 101
[5] A smart-card-based remote authentication scheme
Chang, CC
Lee, JS
[J]. ICESS 2005: SECOND INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS, 2005, : 445 - 449
[6] Improvement of robust smart-card-based password authentication scheme
Jiang, Qi
Ma, Jianfeng
Li, Guangsong
Li, Xinghua
[J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2015, 28 (02) : 383 - 393
[7] An enhanced smart card based remote user password authentication scheme
Li, Xiong
Niu, Jianwei
Khan, Muhammad Khurram
Liao, Junguo
[J]. JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 2013, 36 (05) : 1365 - 1371
[8] Smart Card Based Remote User Authentication Schemes: A Survey
Jaspher, G.
Kathrine, W.
Kirubakaran, E.
Prakash, Parul
[J]. INTERNATIONAL CONFERENCE ON MODELLING OPTIMIZATION AND COMPUTING, 2012, 38 : 1318 - 1326
[9] Smart Card Based Remote User Authentication Schemes - Survey
Katherine, G. Jaspher W.
Kirubakaran, E.
Prakash, Parul
[J]. 2012 THIRD INTERNATIONAL CONFERENCE ON COMPUTING COMMUNICATION & NETWORKING TECHNOLOGIES (ICCCNT), 2012,
[10] Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multiserver Environment
Shunmuganathan, Saraswathi
Saravanan, Renuka Devi
Palanichamy, Yogesh
[J]. CANADIAN JOURNAL OF ELECTRICAL AND COMPUTER ENGINEERING-REVUE CANADIENNE DE GENIE ELECTRIQUE ET INFORMATIQUE, 2015, 38 (01): : 20 - 30

← 1 2 3 4 5 →