Security Mechanisms in High-Level Network Protocols
ACM Computing Surveys (CSUR)
Password security: a case history
Communications of the ACM
Using encryption for authentication in large networks of computers
Communications of the ACM
Using one-way functions for authentication
ACM SIGCOMM Computer Communication Review
A security risk of depending on synchronized clocks
ACM SIGOPS Operating Systems Review
Authentication in distributed systems: a bibliography
ACM SIGOPS Operating Systems Review
The KryptoKnight family of light-weight protocols for authentication and key distribution
IEEE/ACM Transactions on Networking (TON)
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
A note on redundancy in encrypted messages
ACM SIGCOMM Computer Communication Review
Secure password-based cipher suite for TLS
ACM Transactions on Information and System Security (TISSEC)
Over the Air Service Provisioning
SAC '98 Proceedings of the Selected Areas in Cryptography
Thwarting Timing Attacks Using ATM Networks
Revised Papers from the 9th International Workshop on Security Protocols
An Adaptable and Reliable Authentication Protocol for Communication Networks
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
A secure and efficient strong-password authentication protocol
ACM SIGOPS Operating Systems Review
Proceedings of the 43rd annual Southeast regional conference - Volume 2
On countering online dictionary attacks with login histories and humans-in-the-loop
ACM Transactions on Information and System Security (TISSEC)
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Practical Password-Based Authenticated Key Exchange Protocol
Computational Intelligence and Security
Towards practical biometric key generation with randomized biometric templates
Proceedings of the 15th ACM conference on Computer and communications security
CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Efficient and Strongly Secure Password-Based Server Aided Key Exchange (Extended Abstract)
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Three-party password authenticated key agreement resistant to server compromise
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Forward secrecy in password-only key exchange protocols
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Design and implementation of a public key-based group collaboration system
Computer Communications
On the security of some password-based key agreement schemes
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Two-server password-only authenticated key exchange
Journal of Computer and System Sciences
An improvement on strong-password authentication protocols
ICESS'05 Proceedings of the Second international conference on Embedded Software and Systems
Two-Server password-only authenticated key exchange
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Strengthening password-based authentication protocols against online dictionary attacks
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Efficient and leakage-resilient authenticated key transport protocol based on RSA
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Hard bits of the discrete log with applications to password authentication
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
A formal approach for automated reasoning about off-line and undetectable on-line guessing
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
An inter-domain key agreement protocol using weak passwords
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
Secure password-based authenticated group key agreement for data-sharing peer-to-peer networks
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Tutorial: Efficient and secure password-based authentication protocols against guessing attacks
Computer Communications
Efficient password-based authenticated key exchange without public information
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Hi-index | 0.01 |
It is well-known that, left to themselves, people will choose passwords that can be rather readily guessed. If this is done, they are usually vulnerable to an attack based on copying the content of messages forming part of an authentication protocol and experimenting, e.g. with a dictionary, offline. The most usual counter to this threat is to require people to use passwords which are obscure, or even to insist on the system choosing their passwords for them. In this paper we show alternatively how to construct an authentication protocol in which offline experimentation is impracticable; any attack based on experiment must involve the real authentication server and is thus open to detection by the server noticing multiple attempts.