Off-line password-guessing attack to Peyravian-Jeffries's remote user authentication protocol
Computer Communications
The usability of passphrases for authentication: An empirical field study
International Journal of Human-Computer Studies
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
Information Sciences: an International Journal
Communication-efficient AUTHMAC_DH protocols
Computer Standards & Interfaces
Improving the novel three-party encrypted key exchange protocol
Computer Standards & Interfaces
A round- and computation-efficient three-party authenticated key exchange protocol
Journal of Systems and Software
Security flaw of Hölbl et al.'s protocol
Computer Communications
Communication-efficient three-party protocols for authentication and key agreement
Computers & Mathematics with Applications
Password authenticated key exchange protocols among diverse network domains
Computers and Electrical Engineering
A communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Electronic Commerce Research and Applications
Two-server password-only authenticated key exchange
Journal of Computer and System Sciences
Tutorial: Efficient and secure password-based authentication protocols against guessing attacks
Computer Communications
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Multiparty proximity testing with dishonest majority from equality testing
ICALP'12 Proceedings of the 39th international colloquium conference on Automata, Languages, and Programming - Volume Part II
Practical yet universally composable two-server password-authenticated secret sharing
Proceedings of the 2012 ACM conference on Computer and communications security
Efficient negative databases from cryptographic hash functions
ISC'07 Proceedings of the 10th international conference on Information Security
Security and Communication Networks
Secure and usable authentication on mobile devices
Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia
A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks
Wireless Personal Communications: An International Journal
Personal and Ubiquitous Computing
The Journal of Supercomputing
| Hi-index | 0.07 |
In a security system that allows people to choose their own passwords, people tend to choose passwords that can be easily guessed. This weakness exists in practically all widely used systems. Instead of forcing users to choose secrets that are likely to be difficult for them to remember, solutions that maintain user convenience and a high level of security at the same time are proposed. The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not. Common forms of guessing attacks are examined, examples of cryptographic protocols that are immune to such attacks are developed, and a systematic way to examine protocols to detect vulnerabilities to such attacks is suggested