XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Deyu ZHANG,Lian XU

2013-01-01

Abstract:Authentication as a first line of defense to protect network security,has been widely used in a variety of systems. On the basis of analysis of the shortcomings of traditional dynamic password authentication method,an improved Two-way dynamic password authentication method is proposed to implement mutual trust by increasing a Two-way authentication function,so it can prevent the personating attack. In addition,it adopts small computational calculation methods,which is easy to be accomplished,and it can be applied to the distributed network environment.

Yan-yan Wang,Jia-yong Liu,Feng-xia Xiao,Jing Dan

DOI: https://doi.org/10.1016/j.comcom.2008.11.008

IF: 5.047

2009-01-01

Computer Communications

Abstract:In 2004, Das, Saxena and Gulati proposed a dynamic ID-based remote user authentication scheme. This scheme allows users to change and choose passwords freely, and the server does not maintain any verifier table. It is also secure to against ID-theft, replay attacks and insider attacks and so on. However, research has been done to point that it is completely insecure for its independent of the password. Furthermore, it did not achieve mutual authentication and could not resist impersonate remote server attack. In this paper, an enhanced password authentication scheme which still keeps the merits of the original scheme was presented. Security analysis proved that the improved scheme is more secure and practical.

Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

Jiayong Liu

2010-01-01

Abstract:For the requirements of the network security,the authentication scheme with smart card attracts more and more attention.The security of the dynamic id-based remote user authentication scheme proposed by Wang Yan-yan et al.is analyzed,the security flaw of this scheme,including feasibility of off-line password guessing attack,is pointed out.And then an improved scheme is proposed,which could avoid replay attack,off-line password guessing attack,masquerading server/user attack.The security analysis indicates that this new scheme is of higher security while keeping merits of the original scheme.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Yajuan Shi,Han Shen,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.14257/ijseia.2015.9.5.25

2015-01-01

International Journal of Software Engineering and Its Applications

Abstract:To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user's privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can't provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.

XiaoYi Duan,Qishan Zhang,Jianwei Liu

2007-01-01

Abstract:Smart cards are secure, compact and intelligent data carriers, which can offers strong authentication and guaranteed non-repudiation. With the traditional authentication solution, the static password is rarely altered and maintained in the verifier table on the server. This is bringing forth the important attacks of replay attacks, guessing attacks, modication attacks, and stolen-verier attacks. However, the dynamic ID-based authentication solution can solve the problem. I-En Liao et al proposed a dynamic ID-based user authentication scheme using smart cards. The scheme has a lot of advantages, such as avoiding a variety of attacks, mutual authentication and no verifier table, but it can't resist to stolen attack. A improved scheme was presented to remedy their weaknesses. Compare with Liao-Lee-Hwang's scheme, the improved scheme not only avoid stolen attacks but also reduce the computational costs.

DENG Feijin,FAN Lei,SHI Jianjun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.24.062

2005-01-01

Abstract:The dynamic password authentication mechanism is an important development direction of authentication.But in many dynamic password authentication schemes,user’s authentication data are transferred masking with the verifiers stored in the server.Once the verifier is stolen,the attacker can forge authentication data.Therefore,those schemes are vulnerable to theft attacks.Recently a new scheme named 2GR is proposed and showes that it can resist stolen-verifier attack.But the 2GR can’t provide protection against denial of service attack,and doesn’t provide mutual authentication.This paper proposes a revised scheme using smart cards,which eliminates such problems.

Wei Yuan,Liang Hu,Hongtu Li,Jianfeng Chu,Yuyu Sun

DOI: https://doi.org/10.4304/jsw.7.7.1524-1530

2012-01-01

Journal of Software

Abstract:Key exchange protocol is fundamental for establishing secure communication channels over public networks. Password-based key exchange protocols allow parties to share secret key in an authentic manner based on an easily memorizable password. Recently, a password-based group key agreement based on Joux’s tripartite key agreement is proposed to improve the performance when users join or leave the group. In this paper, we employ an online dictionary attack on this protocol to show that such kind of modification cannot achieve the basic security of password based group key agreement. With this method, an adversary can test several passwords in one session, which leads the key space reduces greatly to the potential adversaries. To fill the gaps, we propose an improved protocol, which can avoid this attack. Finally, we prove the security of our protocol under the random oracle and ideal cipher model.

Fang-fang KE,Xi-lin TANG,Qi-heng ZHANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.07.048

2010-01-01

Abstract:Thel protocol proposed by Rhee H S et al(Computer Standards & Interfaces, 2009, No.1) uses mobile equipment to replace smart card to reduce risk and cost, but it exists some demerits. Aiming at this problem, based on Chan-Cheng attack case, it points out that the protocol can not resist impersonation attack and off-line password guessing attack. In order to overcome these drawbacks, it gives the improved scheme. Experimental results show this scheme is strongly resistant to both of these attacks, which keeps the password secret and authenticating ID.

ZHOU Xian-cun,XIONG Yan,LIU Ren-jin

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.20.021

2012-01-01

Abstract:Analysis indicates that Liaw et al's remote user authentication scheme is vulnerable to replay attack,man-in-the-middle attack,and there are obvious security vulnerabilities in the password changing phase and registration phase.A remote user authentication scheme based on Diffie-Hellman(D-H) key exchange protocol is proposed.Theoretical analysis shows that the scheme can resist impersonation attack,replay attack,man-in-the-middle attack,and it can implement mutual authentication and session key generation securely.

刘大昕,杨小平,王桐

DOI: https://doi.org/10.3969/j.issn.1009-671x.2004.01.014

2004-01-01

Abstract:According to the theory of a mechanism of dynamic password authentication,an enhanced method combined with information of computer hardware is proposed and realized,which is useful in some places where the demand of security is more higher.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.03.008

2010-01-01

Abstract:The security of a recently proposed password-based authenticated key exchange protocol was analyzed. Al- though it was provably secure in the standard model, it was vulnerable to reflection attacks. A modify scheme was pro- posed, which eliminated the defect of original scheme and improved the efficiency of the protocol. The security of the proposed scheme had been proven in the standard model under DDH assumption. The results show that it provides per- fect forward secrecy.

Jing Liu,Qingyu Chen,Jianwei Liu,Jianhua Chen

DOI: https://doi.org/10.1109/CSSS.2011.5974633

2011-01-01

Abstract:The secure authentication and transaction is one of the important parts in networking security. Because of the security flaws of some existing schemes, this paper proposes a secure authentication and transaction protocol based on digital certificates and dynamic password. The protocol not only can realize the mutual authentication of the client and server, but also can achieve secure authentication and secure transaction by combing digital certificates and dynamic password. Analysis shows that the protocol can effectively resist many attacks and improve the security of the system. © 2011 IEEE.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.6138/jit.2012.13.3.04

2012-01-01

Abstract:As an important mechanism to guarantee secure communication, the authentication scheme has attracted wide attention. Recently, Xu et al. proposed a new authentication scheme and show their scheme is provably secure in the random oracle model under the computational Diffie-Hellman assumption. Unfortunately, in this paper, we will demonstrate that Xu et al.'s scheme is vulnerable to the impersonation attack and the privileged insider attack. We also propose an improved scheme to eliminate the security vulnerability.

Jingxuan Zhai,Tianjie Cao,Xiuqing Chen,Shi Huang

DOI: https://doi.org/10.14257/ijsia.2015.9.1.37

2015-01-01

International Journal of Security and Its Applications

Abstract:Dynamic ID-based authentication schemes based on password and smart card are widely used to provide two-factor authentication and user anonymity. However, these schemes have one or the other possible security weaknesses. In this paper, we analyze the schemes of Li et al. and Wang et al. published in recent years. After the analysis, we demonstrates that Li et al. 's schemes are vulnerable to off-line password guessing attack if the user's identity is compromised, Li et al.'s scheme cannot withstand the impersonation attack and linkability attack, Wang et al.'s schemes cannot resist off-line password guessing attack if the attacker steals a smart card, Wang et al. 's schemes fail to provide forward security. Our result shows that none of the existing dynamic ID based authentication schemes can achieve all the desirable security goals.

Xiong Li,Jianwei Niu,Junguo Liao,Wei Liang

DOI: https://doi.org/10.1002/dac.2676

2015-01-01

Abstract:AbstractIn the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity-based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al. vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.

Yuhua Wang

2008-01-01

Abstract:A new improved password authentication scheme is proposed,which is user anonymity,can fix the Hwang-Yeh's scheme and provide more other security properties such as server spoofing attacks,forge attacks,etc.According to security properties comparisons among Peyravian-Zunic's scheme,Hwang-Yeh's scheme,Peyravian-Jeffries scheme,and our proposed scheme,the proposed scheme is more secure and practical over insecure network.

Yongchun Liu,Peng Gong,Xiaopeng Yan,Ping Li

DOI: https://doi.org/10.1002/dac.2708

2013-01-01

International Journal of Communication Systems

Abstract:Recently, Chang et al. [Chang Y, Tai W, Chang H. Untraceable dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems 2013; doi:10.1002/dac.2552] proposed a dynamic identity-based remote user authentication scheme with verifiable password update. They also proved that their scheme could withstand various attacks. Unfortunately, by proposing concrete attacks, we show that their scheme is vulnerable to three kinds of attacks. We also point out that their scheme cannot provide untraceability. The analysis shows that the scheme of Chang et al. is not suitable for practical applications. Copyright (c) 2013 John Wiley & Sons, Ltd.