Article

Optimal authentication protocols resistant to password guessing attacks

Author:

Li GongAuthors Info & Claims

CSFW '95: Proceedings of the 8th IEEE workshop on Computer Security Foundations

Page 24

Published: 13 March 1995 Publication History

Publisher Site

Abstract

Users are typically authenticated by their passwords. Because people are known to choose convenient passwords, which tend to be easy to guess, authentication protocols have been developed that protect user passwords from guessing attacks. These proposed protocols, however, use more messages and rounds than those protocols that are not resistant to guessing attacks. This paper gives new protocols that are resistant to guessing attacks and also optimal in both messages and rounds, thus refuting the previous belief that protection against guessing attacks makes an authentification protocol inherently more expensive.

Cited By

View all

Deebak BMuthaiah RThenmozhi KSwaminathan P(2016)Analyzing three-party authentication and key agreement protocol for real time IP multimedia server---client systemsMultimedia Tools and Applications10.1007/s11042-015-2542-475:10(5795-5817)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1007/s11042-015-2542-4
Li ZWang WCheung BHui LSandhu RWong D(2011)Rethinking about guessing attacksProceedings of the 6th ACM Symposium on Information, Computer and Communications Security10.1145/1966913.1966954(316-325)Online publication date: 22-Mar-2011
https://dl.acm.org/doi/10.1145/1966913.1966954
Lee THwang T(2010)Simple password-based three-party authenticated key exchange without server public keysInformation Sciences: an International Journal10.1016/j.ins.2010.01.005180:9(1702-1714)Online publication date: 1-May-2010
https://dl.acm.org/doi/10.1016/j.ins.2010.01.005
Show More Cited By

Optimal authentication protocols resistant to password guessing attacks

Recommendations

Security and efficiency in authentication protocols resistant to password guessing attack
LCN '97: Proceedings of the 22nd Annual IEEE Conference on Local Computer Networks

Cryptographic protocols for authentication and key exchange are necessary for secure communications. Most protocols have assumed that a strong secret for authentication should be shared between communicating participants in the light of a threat of ...
Number theoretic attacks on secure password schemes
SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy

Abstract: Encrypted Key Exchange (EKE) (S. Bellovin and M. Merritt, 1992; 1993) allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE ...
Efficient protocols secure against guessing and replay attacks
ICCCN '95: Proceedings of the 4th International Conference on Computer Communications and Networks

Abstract: To establish secure network communications, a common practice requires that users authenticate one another and establish a temporary session key based on their passwords. Since users often use passwords that are easy to remember, attackers can ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CSFW '95: Proceedings of the 8th IEEE workshop on Computer Security Foundations

March 1995

ISBN:0818670339

Publisher

IEEE Computer Society

United States

Publication History

Published: 13 March 1995

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

32
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Deebak BMuthaiah RThenmozhi KSwaminathan P(2016)Analyzing three-party authentication and key agreement protocol for real time IP multimedia server---client systemsMultimedia Tools and Applications10.1007/s11042-015-2542-475:10(5795-5817)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1007/s11042-015-2542-4
Li ZWang WCheung BHui LSandhu RWong D(2011)Rethinking about guessing attacksProceedings of the 6th ACM Symposium on Information, Computer and Communications Security10.1145/1966913.1966954(316-325)Online publication date: 22-Mar-2011
https://dl.acm.org/doi/10.1145/1966913.1966954
Lee THwang T(2010)Simple password-based three-party authenticated key exchange without server public keysInformation Sciences: an International Journal10.1016/j.ins.2010.01.005180:9(1702-1714)Online publication date: 1-May-2010
https://dl.acm.org/doi/10.1016/j.ins.2010.01.005
Katz JOstrovsky RYung M(2009)Efficient and secure authenticated key exchange using weak passwordsJournal of the ACM10.1145/1613676.161367957:1(1-39)Online publication date: 27-Nov-2009
https://dl.acm.org/doi/10.1145/1613676.1613679
Lee TLiu JSung MYang SChen C(2009)Communication-efficient three-party protocols for authentication and key agreementComputers & Mathematics with Applications10.1016/j.camwa.2009.02.03958:4(641-648)Online publication date: 1-Aug-2009
https://dl.acm.org/doi/10.1016/j.camwa.2009.02.039
Chien HWu T(2008)Highly Efficient Password-Based Three-Party Key Exchange in Random Oracle ModelProceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics10.1007/978-3-540-69304-8_8(69-76)Online publication date: 17-Jun-2008
https://dl.acm.org/doi/10.1007/978-3-540-69304-8_8
Yoon EYoo K(2007)Token-based authenticated key establishment protocols for three-party communicationProceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing10.5555/1780828.1780904(758-769)Online publication date: 17-Dec-2007
https://dl.acm.org/doi/10.5555/1780828.1780904
Bard G(2007)Spelling-error tolerant, order-independent pass-phrases via the damerau-levenshtein string-edit distance metricProceedings of the fifth Australasian symposium on ACSW frontiers - Volume 6810.5555/1274531.1274545(117-124)Online publication date: 30-Jan-2007
https://dl.acm.org/doi/10.5555/1274531.1274545
Siponen MOinas-Kukkonen H(2007)A review of information security issues and respective research contributionsACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/1216218.121622438:1(60-80)Online publication date: 28-Feb-2007
https://dl.acm.org/doi/10.1145/1216218.1216224
Wu SZhu Y(2007)Practical Password-Based Authenticated Key Exchange ProtocolComputational Intelligence and Security10.1007/978-3-540-74377-4_55(523-533)Online publication date: 1-Apr-2007
https://dl.acm.org/doi/10.1007/978-3-540-74377-4_55
Show More Cited By

Abstract

Cited By

Recommendations

Security and efficiency in authentication protocols resistant to password guessing attack

Number theoretic attacks on secure password schemes

Efficient protocols secure against guessing and replay attacks

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations