A security risk of depending on synchronized clocks
ACM SIGOPS Operating Systems Review
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Password authentication with insecure communication
Communications of the ACM
Limitations of the Kerberos authentication system
ACM SIGCOMM Computer Communication Review
Security enhancement for password authentication schemes with smart cards
TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
A new remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
An efficient remote use authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
Cryptanalysis of the user authentication scheme with anonymity
FGIT'11 Proceedings of the Third international conference on Future Generation Information Technology
Hi-index | 0.00 |
A mutual authentication scheme is a two-party protocol designed to allow the communicating parties to confirm each other's identity over a public, insecure network. Passwords provide the most convenient means of authentication because they are easy for humans to remember. Whilst there have been many proposals for password authentication, they are vulnerable to various attacks and are neither efficient, nor user friendly. In this paper we propose two new password authentication schemes making use of smart cards: the timestamp-based authentication scheme (TBAS) and the nonce-based authentication scheme (NBAS). Both TBAS and NBAS provide many desirable features: (1) they do not require the server to maintain a password table for verifying the legitimacy of login users; (2) they allow users to choose their passwords according to their liking and hence give more user convenience; (3) they are extremely efficient in terms of the computational cost since the protocol participants perform only a few hash function operations; and (4) they achieve mutual authentication between the remote user and the server. In addition, NBAS does not require synchronized clocks between the remote user and the server.