A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks

被引:0
|
作者
Jia-Lun Tsai
Nai-Wei Lo
Tzong-Chen Wu
机构
[1] National Taiwan University of Science and Technology,Department of Information Management
[2] National Taiwan University of Science and Technology,Taiwan Information Security Center (TWISC)
来源
Wireless Personal Communications | 2013年 / 71卷
关键词
Password; Multi-server; Authentication scheme; Undetectable on-line password-guessing attack;
D O I
暂无
中图分类号
学科分类号
摘要
A multi-server authentication scheme is a useful authentication mechanism in which a remote user can access the services of multiple servers after registering with the registration center (RC). This study shows that the password-based multi-server authentication scheme proposed by Yeh and Lo is vulnerable to undetectable password-guessing attack and offline password-guessing attack. This study proposes a new password-based multi-server authentication scheme to overcome these vulnerabilities. The proposed protocol introduces a new mechanism for protecting user password. The RC sends an alternative key to help the server verify the legitimacy of user instead of the user’s password. The values of these keys are changed with a random large nonce in each session. Therefore, the password-guessing attack cannot work successfully on the proposed scheme.
引用
收藏
页码:1977 / 1988
页数:11
相关论文
共 50 条
  • [21] Robust Multi-Server Authentication Scheme
    Yoon, Eun-Jun
    Yoo, Kee-Young
    [J]. 2009 6TH IFIP INTERNATIONAL CONFERENCE ON NETWORK AND PARALLEL COMPUTING, 2009, : 197 - +
  • [22] Remote Login Password Authentication Scheme using Tangent Theorem on Circle in a Multi-Server Environment
    Kumari, Shipra
    HariOm
    [J]. 2014 FIRST INTERNATIONAL CONFERENCE ON NETWORKS & SOFT COMPUTING (ICNSC), 2014, : 76 - 80
  • [23] Enhancing of a Password-Based Authentication Scheme Using Smart Cards
    Lee, Youngsook
    Won, Dongho
    [J]. ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS: OTM 2009, PT 2, 2009, 5871 : 879 - +
  • [24] AN ENHANCED PASSWORD-BASED USER AUTHENTICATION SCHEME FOR GRID COMPUTING
    Wu, Zhen-Yu
    Chung, Yufang
    Lai, Feipei
    Chen, Tzer-Shyong
    Lee, Hung-Chang
    [J]. INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2011, 7 (7A): : 3751 - 3760
  • [25] A password-based authentication and key establishment scheme for mobile environment
    Liu, Jun
    Liao, Jianxin
    Zhu, Xiaomin
    [J]. 21ST INTERNATIONAL CONFERENCE ON ADVANCED NETWORKING AND APPLICATIONS WORKSHOPS/SYMPOSIA, VOL 2, PROCEEDINGS, 2007, : 99 - +
  • [26] Password-based group key exchange secure against insider guessing attacks
    Byun, JW
    Lee, DH
    Lim, J
    [J]. COMPUTATIONAL INTELLIGENCE AND SECURITY, PT 2, PROCEEDINGS, 2005, 3802 : 143 - 148
  • [27] Neuromuscular Password-Based User Authentication
    Jiang, Xinyu
    Xu, Ke
    Liu, Xiangyu
    Dai, Chenyun
    Clifton, David A.
    Clancy, Edward A.
    Akay, Metin
    Chen, Wei
    [J]. IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, 2021, 17 (04) : 2641 - 2652
  • [28] Mitigating Server Breaches in Password-Based Authentication: Secure and Efficient Solutions
    Blazy, Olivier
    Chevalier, Celine
    Vergnaud, Damien
    [J]. TOPICS IN CRYPTOLOGY - CT-RSA 2016, 2016, 9610 : 3 - 18
  • [29] PASTA: PASsword-based Threshold Authentication
    Agrawal, Shashank
    Miao, Peihan
    Mohassel, Payman
    Mukherjee, Pratyay
    [J]. PROCEEDINGS OF THE 2018 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'18), 2018, : 2042 - 2059
  • [30] On Unlinkability of Password-Based Anonymous Authentication
    Shin, SeongHan
    Kobara, Kazukuni
    [J]. IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2015, E98A (06) : 1320 - 1324
12345