Strengthening password-based authentication protocols against online dictionary attacks

Authors:
Peng Wang;Yongdae Kim;Vishal Kher;Taekyoung Kwon
Affiliations:
Computer Science and Engineering, University of Minnesota, Twin Cities, Minnesota;Computer Science and Engineering, University of Minnesota, Twin Cities, Minnesota;Computer Science and Engineering, University of Minnesota, Twin Cities, Minnesota;School of Computer Engineering, Sejong University, Seoul, Korea
Venue:
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Year:
2005

Citing 15
Cited 0

Reducing risks from poorly chosen keys

SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Strong password-only authenticated key exchange

ACM SIGCOMM Computer Communication Review
Timestamps in key distribution protocols

Communications of the ACM
Password security: a case history

Communications of the ACM
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Securing passwords against dictionary attacks

Proceedings of the 9th ACM conference on Computer and communications security
Pricing via Processing or Combatting Junk Mail

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
DOS-Resistant Authentication with Client Puzzles

Revised Papers from the 8th International Workshop on Security Protocols
Defending Against Denial-of-Service Attacks with Puzzle Auctions

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Time-lock Puzzles and Timed-release Crypto

Time-lock Puzzles and Timed-release Crypto
Using client puzzles to protect TLS

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
SSH: secure login connections over the internet

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

Passwords are one of the most common cause of system break-ins, because the low entropy of passwords makes systems vulnerable to brute force guessing attacks (dictionary attacks). Existing Strong Password-based Authentication and Key Agreement (SPAKA) protocols protect passwords from passive (eavesdropping-offline dictionary) attacks, but not from active online dictionary attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent online dictionary attacks as well as many-to-many attacks common to 3-pass SPAKA protocols. The proposed scheme significantly increases the computational burden of an attacker trying to launch online dictionary attacks, while imposing negligible load on the legitimate clients as well as on the authentication server.