Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Public-key cryptography and password protocols
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Secure remote user access over insecure networks
Computer Communications
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
New directions in cryptography
IEEE Transactions on Information Theory
Security flaw of Hölbl et al.'s protocol
Computer Communications
Improvement of Hölbl et al. user authentication protocol and password change protocol
Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
| Hi-index | 0.24 |
Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environments. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. Recently, Peyravian and Jeffries proposed password-based protocols for remote user authentication, password change, and session key establishment over insecure networks without requiring any additional private- or public-key infrastructure. In this paper we point out security flaws of Peyravian-Jeffries's protocols against off-line password guessing attacks and Denial-of-Service attacks.