Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS). Proceedings of the 2008 Spring simulation multiconference.
An efficient password-only two-server authenticated key exchange system. ICICS'07 Proceedings of the 9th international conference on Information and communications security.
A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications.
Proposal for novel 3D password for providing authentication in critical web applications. Proceedings of the International Conference & Workshop on Emerging Trends in Technology.
SSO password-based multi-server authentication protocol. International Journal of Communication Networks and Distributed Systems.
Provably secure three-party authenticated key agreement protocol using smart cards. Computer Networks: The International Journal of Computer and Telecommunications Networking.
Most password-based user authentication systems place total trust in the authentication server, which stores cleartext passwords or easily derived password verification data in a central database. Such systems are therefore not resilient against offline dictionary attacks initiated at the server side: compromise of the authentication server, by outsiders or insiders, exposes every user's password and may have serious legal and financial repercussions for the organization. Recently, several multi-server password systems have been proposed to circumvent the single point of vulnerability inherent in the single-server architecture. However, these systems are difficult to deploy and operate in practice, since either the user has to communicate simultaneously with multiple servers or the protocols are quite expensive. In this paper, we present a practical password-based user authentication and key exchange system employing a novel two-server architecture. Our system has a number of appealing features. Only a front-end service server engages directly with users, while a control server stays behind the scenes; the system can therefore be applied directly to strengthen existing single-server password systems. In addition, the system is secure against offline dictionary attacks mounted by either of the two servers.
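As an added illustration of the architecture the abstract describes (example code written for this page, not the paper's protocol or the authors' code), the following Python simulates a front-end service server (SS), a control server (CS) behind it, and a user who talks only to SS. The password-derived exponent h is split additively between the two servers, and a single-server baseline is kept alongside so that the offline dictionary attack against a stolen verifier can be compared with the same attack against one server's database. The group (Z_p^* with p = 2^521 - 1 and generator 3), SHA-256 as the password hash, the message flow, the blinding step and all function names are assumptions made for this example; the paper's own protocol differs.

```python
"""Toy two-server password authentication and key exchange (illustration, not the paper's scheme)."""
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Assumed toy group: Z_p^* with p = 2^521 - 1 (a Mersenne prime), generator 3, exponents mod p-1.
# A real system would use a standard prime-order group; the message flow is the point here.
P = 2**521 - 1
Q = P - 1
G = 3


def pw_to_exponent(salt: bytes, password: str) -> int:
    """Password-derived exponent h (a slow KDF would replace plain SHA-256 in practice)."""
    return int.from_bytes(hashlib.sha256(salt + password.encode()).digest(), "big") % Q


def authenticator(key: int, label: str) -> bytes:
    """Key-confirmation tag over the shared group element (fits in 66 bytes since key < 2^521)."""
    return hashlib.sha256(key.to_bytes(66, "big") + label.encode()).digest()


def rand_exp() -> int:
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, Q-1]


# ---- single-server baseline: the stored verifier g^h is a password equivalent ----
def single_server_register(password: str) -> Dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": pow(G, pw_to_exponent(salt, password), P)}


def offline_attack_single(record: Dict, candidates) -> Optional[str]:
    """Anyone holding the single-server record can test guesses against the verifier."""
    for cand in candidates:
        if pow(G, pw_to_exponent(record["salt"], cand), P) == record["verifier"]:
            return cand
    return None


# ---- two-server split: h = b1 + b2 (mod Q); SS stores b1, CS stores b2 ----
def two_server_register(password: str) -> Tuple[Dict, Dict]:
    salt = secrets.token_bytes(16)
    b1 = secrets.randbelow(Q)  # uniform and independent of the password on its own
    b2 = (pw_to_exponent(salt, password) - b1) % Q
    return {"salt": salt, "b1": b1}, {"b2": b2}


def login(ss_db: Dict, cs_db: Dict, password: str, blind: bool = True) -> Tuple[bool, Dict]:
    """One login run. Returns (accepted, cs_view), where cs_view is everything CS gets to see."""
    # User -> SS: ephemeral X = g^x (SS also sends the salt back; the user never talks to CS).
    x = rand_exp()
    X = pow(G, x, P)
    # SS -> CS: Q1 = g^{xy} and Q2 = g^{xy*b1 + s}. The blinding exponent s hides g^{xy*b1};
    # without it CS would hold the pair (Q1, Q1^h) and could test password guesses offline.
    y = rand_exp()
    s = secrets.randbelow(Q) if blind else 0
    Q1 = pow(X, y, P)
    Q2 = (pow(Q1, ss_db["b1"], P) * pow(G, s, P)) % P
    # CS -> SS: Z = g^z and R = (Q2 * Q1^{b2})^z = g^{xyz*h} * g^{s*z}.
    z = rand_exp()
    Z = pow(G, z, P)
    R = pow((Q2 * pow(Q1, cs_db["b2"], P)) % P, z, P)
    cs_view = {"Q1": Q1, "Q2": Q2, "z": z, "b2": cs_db["b2"]}
    # SS: strip the blinding (Z^{-s} = Z^{Q-s}) to get K = g^{xyz*h}. SS knows g^x and g^z
    # but never g^{xyz}, so it holds no base to raise to a password guess.
    k_srv = (R * pow(Z, (Q - s) % Q, P)) % P
    W = pow(Z, y, P)  # g^{yz}, forwarded to the user
    # SS -> User: W plus a server authenticator, so the user sends nothing password-dependent
    # before the servers have proved knowledge of K (an impostor is limited to online guessing).
    auth_s = authenticator(k_srv, "server")
    # User: K = W^{x*h}; verify the servers first, then answer.
    h = pw_to_exponent(ss_db["salt"], password)
    k_cli = pow(W, (x * h) % Q, P)
    if authenticator(k_cli, "server") != auth_s:
        return False, cs_view
    return authenticator(k_cli, "client") == authenticator(k_srv, "client"), cs_view


def offline_attack_cs(cs_view: Dict, salt: bytes, candidates) -> Optional[str]:
    """A compromised CS (given the salt too) tests Q1^{h'} == Q2 * Q1^{b2}; works only if SS did not blind Q2."""
    target = (cs_view["Q2"] * pow(cs_view["Q1"], cs_view["b2"], P)) % P
    for cand in candidates:
        if pow(cs_view["Q1"], pw_to_exponent(salt, cand), P) == target:
            return cand
    return None


def offline_attack_both(ss_db: Dict, cs_db: Dict, candidates) -> Optional[str]:
    """Only with BOTH databases does h = b1 + b2 become testable again."""
    h = (ss_db["b1"] + cs_db["b2"]) % Q
    for cand in candidates:
        if pw_to_exponent(ss_db["salt"], cand) == h:
            return cand
    return None


def demo() -> Dict:
    words = ["letmein", "hunter2", "correct horse", "Tr0ub4dor&3"]  # constructed dictionary
    pw = "hunter2"
    single = single_server_register(pw)
    ss_db, cs_db = two_server_register(pw)
    ok, cs_view = login(ss_db, cs_db, pw)
    bad, _ = login(ss_db, cs_db, "letmein")
    _, weak_view = login(ss_db, cs_db, pw, blind=False)
    return {
        "login_ok": ok,
        "wrong_pw_rejected": not bad,
        "single_server_db_stolen": offline_attack_single(single, words),
        "cs_only_stolen": offline_attack_cs(cs_view, ss_db["salt"], words),
        "cs_only_stolen_no_blinding": offline_attack_cs(weak_view, ss_db["salt"], words),
        "both_dbs_stolen": offline_attack_both(ss_db, cs_db, words),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running `demo()` shows the three outcomes the abstract contrasts: the single-server verifier falls to a dictionary attack as soon as its database is stolen, a stolen CS database plus CS's complete view of the login yields nothing when SS blinds its contribution, and the same attack succeeds immediately when `blind=False`, which is why every value a server forwards must avoid pairing a group element with its password-exponent power. Stealing both databases restores the attack, which is the residual risk a two-server split accepts. The toy group and hash are not production parameters, and the example does not claim the formal security properties the paper proves for its own protocol.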