Offline Password Guessing Attacks on Smart-Card-Based Remote User Authentication Schemes

被引：2

作者：

Li, Xue-lei ^{[1
]}

Wen, Qiao-yan ^{[1
]}

Zhang, Hua ^{[1
]}

Jin, Zheng-ping ^{[1
]}

Li, Wen-min ^{[1
]}

机构：

[1] Beijing Univ Posts & Telecommun, State Key Lab Networking & Switching Technol, Beijing 100876, Peoples R China

来源：

PROCEEDINGS OF THE 6TH INTERNATIONAL ASIA CONFERENCE ON INDUSTRIAL ENGINEERING AND MANAGEMENT INNOVATION, VOL 2: INNOVATION AND PRACTICE OF INDUSTRIAL ENGINEERING AND MANAGMENT | 2016年

关键词：

Authentication; Password; Security; Smart card; IMPROVEMENT; SECURITY;

D O I：

10.2991/978-94-6239-145-1_9

中图分类号：

T [工业技术];

学科分类号：

08 ;

摘要：

Password as an easy-to-remember credential plays an important role in remote user authentication schemes, while drawing from a space so small that an adversary may exhaustively search all possible candidate passwords to guess the correct one. In order to enhance the security of the password authentication scheme, smart card is introduced as the second factor to construct two-factor authentication scheme. However, we find out that two latest smart-card-based password authentication schemes are vulnerable to offline password guessing attacks under the definition of secure two-factor authentication. Furthermore, in order to show the serious consequence of offline password guessing attacks, we illustrate that the password compromise impersonation attacks as further threats are effective to break down the authentication schemes. Finally, we conclude the reasons why these weaknesses exist and present our improved ideas to avoid these problems in the future.

引用

页码：81 / 89

页数：9

共 50 条

[41] Cryptanalysis of a User Anonymous Password Authentication Scheme Without Smart Card
Lin, Hao
Wen, Feng-Tong
Du, Chun-Xia
[J]. 2016 INTERNATIONAL CONFERENCE ON SERVICE SCIENCE, TECHNOLOGY AND ENGINEERING (SSTE 2016), 2016, : 293 - 298
[42] Design of a user anonymous password authentication scheme without smart card
Kumari, Saru
Khan, Muhammad Khurram
Li, Xiong
Wu, Fan
[J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2016, 29 (03) : 441 - 458
[43] Improvement on a Smart Card Based Password Authentication Scheme
He, Debiao
Chen, Jianhua
Hu, Jin
[J]. JOURNAL OF INTERNET TECHNOLOGY, 2012, 13 (03): : 405 - 409
[44] A SMART CARD BASED AUTHENTICATION SCHEME FOR REMOTE USER LOGIN AND VERIFICATION
Cheng, Zi-Yao
Liu, Yun
Chang, Chin-Chen
Chang, Shih-Chang
[J]. INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2012, 8 (08): : 5499 - 5511
[45] Smart Card Based Remote User Authentication Scheme for Cloud Computing
Madhusudhan, R.
Hegde, Manjunath
[J]. 2019 IEEE 10TH ANNUAL UBIQUITOUS COMPUTING, ELECTRONICS & MOBILE COMMUNICATION CONFERENCE (UEMCON), 2019, : 905 - 910
[46] Advanced smart card based password authentication protocol
Song, Ronggong
[J]. COMPUTER STANDARDS & INTERFACES, 2010, 32 (5-6) : 321 - 325
[47] Smart card based secure password authentication scheme
Wang, SJ
Chang, JF
[J]. COMPUTERS & SECURITY, 1996, 15 (03) : 231 - 237
[48] A Security Improved Remote Password Authentication Scheme using Smart Card
Jing, Chao
[J]. EQUIPMENT MANUFACTURING TECHNOLOGY AND AUTOMATION, PTS 1-3, 2011, 317-319 : 1791 - 1796
[49] Guessing attacks on strong-password authentication protocol
Lee, Cheng-Chi
Liu, Chia-Hsin
Hwang, Min-Shiang
[J]. International Journal of Network Security, 2013, 15 (01) : 64 - 67
[50] An enhanced remote user authentication scheme with smart card
Kumar, Manoj
[J]. International Journal of Network Security, 2010, 10 (03) : 175 - 184

← 1 2 3 4 5 →