YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Muhammad Bilal,Can Wang,Zhi Yu,Abid Bashir

DOI: https://doi.org/10.1109/icsess49938.2020.9237635

2020-01-01

Abstract:Identity management (IdM) plays a significant role in managing user identities (IDs). However, IdM is challenging to handle the rapidly rising numerous kinds of Web-based applications nowadays. The OpenID 2.0 communication protocol is an improved solution for managing a user's IDs based on the OpenID URL identity. OpenID URL identity is not very much secure in specific Web-based attacks; for instance, session hijacking and phishing attacks often occur. The earlier OpenID-based methods secure OpenID URL identity with single, double, and triple authentication schemes. But Identity Provider (IdP) side is still not secure in Web attacks: if an attacker steals the IdP-side legal user information, then existing OpenID-based security techniques are unreliable. The anticipated OpenID Reverse Authentication Authorizing and Accounting (RAAA) user authentication-based protocol secured OpenID URL identity by providing two beneficial fields Secret Alphanumeric String (SAS) and Special Innovative PIN (SIP) that utilize in testing website both sides in reverse and cost-effective way. In this experiment, IdP and Relying Party (RP), both sides are being used secretly. Therefore, experimental websites also test to check the proposed triple authentication protocol. In this paper, we have compared our RAAA user authentication protocol with already available SSO protocol methods. The tested websites and comparative results represent that the anticipated design protocol is very much secure and reliable solution. The advanced cryptographic Single-Sign-On (SSO) secure protocol reduces the higher-level session hijacking and phishing attacks risk in an OpenID-based environment. We suggest future SSO protocol methods will be needed more in terms of the authorized user's identity authentication in Web-based applications.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

BT Hsieh,HM Sun,T Hwang

DOI: https://doi.org/10.15388/informatica.2003.014

2003-01-01

Informatica

Abstract:In an internet environment, such as UNIX, a remote user has to obtain the access right from a server before doing any job. The procedure of obtaining acess right is called a user authentication protocol. User authentication via user memorable password provides convenience without needing any auxiliary devices, such as smart card. A user authentication protocol via username and password should basically withstand the off-line password guessing attack, the stolen verifier attack, and the DoS attack. Recently, Peyravian and Zunic proposed one password transmission protocol and one password change protocol. Later, Tseng et al. (2001) pointed out that Peyravian and Zunic's protocols can not withstand the off-line password guessing attack, and therefore proposed an improved protocol to defeat the attack. Independently, Hwang and Yeh also showed that Peyravian and Zunic's protocols suffer from some secury flaws, and an improved protocol was also presented. In this paper, we show that both Peyravian and Zunic's protocols and Tseng et al.'s improved protocol are insecure against the stolen verifier attack. Moreover, we show that all Peyravian and Zunic's, Tseng et al.'s, and Hwang and Yeh's protocols are insecure against DoS attack.

Ping Wang,Ding Wang,Xinyi Huang

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160483

2016-01-01

Abstract:Identity authentication is the first line of defense for information systems ,and passwords are the most widely used authentication method .Though there are a number of issues in passwords regarding security and usability , and various alternative authentication methods have also been successively proposed , password‐based authentication will remain the dominant method in the foreseeable future due to its simplicity ,low cost and easiness to change .T hus ,this topic has attracted extensive interests from worldwide researchers ,and many important results have been revealed .This work begins with the introduction of users’ vulnerable behaviors and details the password characteristics ,distribution and reuse rate .Next we summarize the primary cracking algorithms that have appeared in the past 30 years , and classify them into groups in terms of the difference in dependence on what information is exploited by the attacker .Then ,we revisit the various statistical‐based evaluation metrics for measuring the strength of password distributions .Further ,we compare the state‐of‐the‐art password strength meters .Finally ,we summarize our results and outline some future research trends .

吴和生,范训礼,谢俊元

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.05.044

2003-01-01

Computer Science

Abstract:Some usual one-time password authentication protocols are analyzed. A practical efficient one-time pass-word authentication implementing method is presented based on the symmetric algorithm, which conquers usual chal-lenge-response protocol weakness and can protect user's identity and avoid replay attack etc. It also can boost up thesecurity of the application security system by integrating with it in networks. And the correlative issues are discusseddeeply such as security, reliability and so on.

Mengxiang Guan,Jiaxing Song,Weidong Liu

DOI: https://doi.org/10.1109/cscloud.2016.26

2016-01-01

Abstract:Password-based user authentication service is widely used in Internet. Most of the password-based authentication protocols are constructed under the single-server structure that a authencitation server stores cleartext passwords or verification data derived from password and responds to users' authentication request.The security of single-server authentication system is very fragile. In particular, when the server is comprimised, all of users' verification data is exposed to the attacker. Nowadays, development of mobile Internet leads the demand of authentication on roaming device. In this scenario, easily memorable short password and simple secret is accepted by most people despite of its security limitation. The utilization of short password worsens the situation of single-server authentication protocol. Attackers controlling the system can launch off-line dictionary attack from internal of server side to obtain users' original password.Multi-server authentication protocols can improve the security of verification data by distributed storing data on the cluster. This approach increases the difficulty of internal attack and guarantees security even if a portion of servers in the cluster are controlled by adversary. But in practice, There are some problems in existing multi-server protocols. For example, communicating with multiple servers brings extra network and computational burden to client device.To address these problems, in this paper we propose a novel password-based multi-server authenication protocol which not only require less computation on client device but remain functional and secure even if adversary controls some servers and forces them collude to attack our protocol.

Ding WANG,Ping WANG,Zeng-peng LI,Chun-guang MA

2015-01-01

Systems Engineering - Theory & Practice

Abstract:With identity authentication becoming an essential mechanism to ensure robust system security in information systems,RSA-based authentication protocols have been studied intensively for their great practicality.This paper points out that a recent RSA-based remote user two-factor authentication protocol proposed by Xie et al.cannot achieve the claimed security and reports its following flaws:(1) It is vulnerable to replay attack and key compromise impersonation attack;(2) It suffers from the problem of user privacy violation and poor repairability.As our main contribution,an improved scheme is put forward and formally proved secure under the RSA assumption in the random oracle model.As compared with other related schemes,our scheme is the first one that can achieve provable security while keeping the merit of high performance.Consequently,our scheme is more well-suited for mobile application scenarios where resource is severely constrained and security is particularly concerned.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Weiwei Han

DOI: https://doi.org/10.48550/arXiv.1201.0883

2012-01-04

Abstract:Recently, Li et al. proposed a dynamic identity based authentication protocol for multi-server architecture. They claimed their protocol is secure and can withstand various attacks. But we found some security loopholes in the protocol. Accordingly, the current paper demonstrates that Li et al.'s protocol is vulnerable to the replay attack, the password guessing attack and the masquerade attack.

Cryptography and Security

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

Xun Yi

DOI: https://doi.org/10.1109/nss.2010.97

2010-09-01

Abstract:Typical protocols for password-based authentication assumes a single server which stores all the passwords necessary to authenticate users. If the server is compromised, user passwords are disclosed. To address this issue, Yang et al. proposed a practical password-based two-server authentication and key exchange protocol, where a front-end server, keeping one share of a password, and a back-end server, holding another share of the password, cooperate in authenticating a user and, meanwhile, establishing a secret key with the user. In this paper, we present two “half-online and half-offline” attacks to Yang et al.'s protocol. By these attacks, user passwords can be determined once the back-end server is compromised. Therefore, Yang et al.'s protocol has no essential difference from a password-based single-server authentication protocol.

LiuJiqiang,ZhongSheng

DOI: https://doi.org/10.5555/1568357.1568366

2009-01-01

Cryptologia

Abstract:Password authentication is a type of authentication protocol for communications over an insecure network. Recently, Kim, Jeon, and Yoo gave an improvement of Yang-Shieh password authentication sche...

Zhang Mingjie,Luo Yi,Niu Hanchun

DOI: https://doi.org/10.3969/j.issn.1000-0801.2007.12.004

2007-01-01

Abstract:The report presents an authentication system based on dynamic-password SIM,following the analysis of the ordinary authentication methods for Internet application. With this system, a business model is suggested for the Internet secured authentication,by which telecom company would run a new service with various business customers.