Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
CompChall: Addressing Password Guessing Attacks
ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
Off-line password-guessing attack to Peyravian-Jeffries's remote user authentication protocol
Computer Communications
Security flaws of remote user access over insecure networks
Computer Communications
Secure remote user access over insecure networks
Computer Communications
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
New directions in cryptography
IEEE Transactions on Information Theory
A public key cryptosystem and a signature scheme based on discrete logarithms
IEEE Transactions on Information Theory
Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications
Security flaw of Hölbl et al.'s protocol
Computer Communications
Hi-index | 0.24 |
Remote authentication of users supported by passwords is a broadly adopted method of authentication within insecure network environments. Such protocols typically rely on pre-established secure cryptographic keys or public key infrastructure. Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (5-6) (2006) 660-667] proposed a protocol for secure remote user access over insecure networks. Shortly after the protocol was published Shim [K.A. Shim, Security flaws of remote user access over insecure networks, Computer Communications 30 (1) (2006) 117-121] and Munilla et al. [J. Munilla, A. Peinado, Off-line password-guessing attack to Peyravian-Jeffries's remote user authentication protocol, Computer Communications 30 (1) (2006) 52-54] independently presented an off-line guessing attack on the protocol. Based on their findings we present an improved secure password-based protocol for remote user authentication, password change, and session key establishment over insecure networks, which is immune against the attack.