A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks

被引:0
|
作者
Jia-Lun Tsai
Nai-Wei Lo
Tzong-Chen Wu
机构
[1] National Taiwan University of Science and Technology,Department of Information Management
[2] National Taiwan University of Science and Technology,Taiwan Information Security Center (TWISC)
来源
Wireless Personal Communications | 2013年 / 71卷
关键词
Password; Multi-server; Authentication scheme; Undetectable on-line password-guessing attack;
D O I
暂无
中图分类号
学科分类号
摘要
A multi-server authentication scheme is a useful authentication mechanism in which a remote user can access the services of multiple servers after registering with the registration center (RC). This study shows that the password-based multi-server authentication scheme proposed by Yeh and Lo is vulnerable to undetectable password-guessing attack and offline password-guessing attack. This study proposes a new password-based multi-server authentication scheme to overcome these vulnerabilities. The proposed protocol introduces a new mechanism for protecting user password. The RC sends an alternative key to help the server verify the legitimacy of user instead of the user’s password. The values of these keys are changed with a random large nonce in each session. Therefore, the password-guessing attack cannot work successfully on the proposed scheme.
引用
收藏
页码:1977 / 1988
页数:11
相关论文
共 50 条
  • [1] A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks
    Tsai, Jia-Lun
    Lo, Nai-Wei
    Wu, Tzong-Chen
    [J]. WIRELESS PERSONAL COMMUNICATIONS, 2013, 71 (03) : 1977 - 1988
  • [2] Countermeasure on Password-Based Authentication Scheme for Multi-server Environments
    Lee, Youngsook
    Kim, Jiye
    Won, Dongho
    [J]. MULTIMEDIA AND UBIQUITOUS ENGINEERING, 2014, 308 : 459 - 466
  • [3] SSO password-based multi-server authentication protocol
    Sood, Sandeep K.
    Sarje, Anil K.
    Singh, Kuldip
    [J]. INTERNATIONAL JOURNAL OF COMMUNICATION NETWORKS AND DISTRIBUTED SYSTEMS, 2012, 9 (1-2) : 161 - 180
  • [4] A Threshold Multi-Server Protocol for Password-Based Authentication
    Guan, Mengxiang
    Song, Jiaxing
    Liu, Weidong
    [J]. 2016 IEEE 3RD INTERNATIONAL CONFERENCE ON CYBER SECURITY AND CLOUD COMPUTING (CSCLOUD), 2016, : 108 - 118
  • [5] New multi-server password authentication scheme using neural networks
    Yoon, EJ
    Yoo, KY
    [J]. ADVANCES IN NATURAL COMPUTATION, PT 2, PROCEEDINGS, 2005, 3611 : 512 - 519
  • [6] Efficient and secure password-based authentication protocols against guessing attacks
    Kwon, T
    Song, J
    [J]. COMPUTER COMMUNICATIONS, 1998, 21 (09) : 853 - 861
  • [7] Password-based authentication: Preventing dictionary attacks
    Chakrabarti, Saikat
    Singhal, Mukesh
    [J]. COMPUTER, 2007, 40 (06) : 68 - +
  • [8] Cryptanalysis and Enhancement of a Password-Based Authentication Scheme
    Eldefrawy, Mohamed H.
    Al-Muhtadi, Jalal F.
    [J]. 2015 IEEE 7TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM), 2015, : 548 - 551
  • [9] A secure remote password authentication scheme with key agreement for multi-server environments
    Lee, Wei-Bin
    Wu, Chia-Chun
    Tsaur, Woei-Jiunn
    [J]. WMSCI 2005: 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Vol 5, 2005, : 19 - 23
  • [10] An efficient and secure multi-server password authentication scheme using smart cards
    Chang, CC
    Lee, JS
    [J]. 2004 INTERNATIONAL CONFERENCE ON CYBERWORLDS, PROCEEDINGS, 2004, : 417 - 422
12345