Tutorial: Efficient and secure password-based authentication protocols against guessing attacks

Authors:
Taekyoung Kwon;Jooseok Song
Affiliations:
Department of Computer Science, Yonsei University, Seoul 120 749, South Korea;Department of Computer Science, Yonsei University, Seoul 120 749, South Korea
Venue:
Computer Communications
Year:
1998

Citing 15
Cited 3

Efficient and timely mutual authentication

ACM SIGOPS Operating Systems Review
Reducing risks from poorly chosen keys

SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Refinement and extension of encrypted key exchange

ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks

ACM SIGOPS Operating Systems Review
Timestamps in key distribution protocols

Communications of the ACM
Password security: a case history

Communications of the ACM
Using encryption for authentication in large networks of computers

Communications of the ACM
UNIX Password Security - Ten Years Later

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
A Modular Approach to Key Distribution

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Optimal authentication protocols resistant to password guessing attacks

CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
An Adaptable and Reliable Authentication Protocol for Communication Networks

INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
New directions in cryptography

IEEE Transactions on Information Theory
Protecting poorly chosen secrets from guessing attacks

IEEE Journal on Selected Areas in Communications

Research and Realization of Authentication Technique Based on OTP and Kerberos

HPCASIA '05 Proceedings of the Eighth International Conference on High-Performance Computing in Asia-Pacific Region
Threshold password authentication against guessing attacks in Ad hoc networks

Ad Hoc Networks
Remote authentication with forward security

ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing

Quantified Score

Hi-index	0.24

Visualization

Abstract

We propose authentication and key exchange protocols which are both efficient and secure against password guessing attacks. Conventional authentication protocols have assumed that a strong secret should be shared between communicating participants, in the light of a threat of guessing attacks. A cryptographically long secret would be favored for security reasons, but it is not suitable for users to remember. Recent password-based protocols to defeat guessing attacks are more expensive than previous ones, in terms of the computation and communication costs. Using a one-time pad and a strong one-way hash function, we promote both security and efficiency. Thereby, we also verify our protocol formally.