Off-line password-guessing attack to Peyravian–Jeffries’s remote user authentication protocol

2006 ◽  
Vol 30 (1) ◽  
pp. 52-54 ◽  
Author(s):  
J. Munilla ◽  
A. Peinado
Keyword(s):  
User Authentication ◽  
Authentication Protocol ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
Guessing Attack ◽  
Remote User

Analysis of the Dynamic ID-Based Remote User Authentication Schemes Using Smart Card for Multi-Server Environments

2014 ◽  
Vol 543-547 ◽  
pp. 3343-3347
Author(s):  
Xue Lei Li ◽  
Qiao Yan Wen ◽  
Wen Min Li ◽  
Hua Zhang ◽  
Zheng Ping Jin
Keyword(s):  
Smart Card ◽  
User Authentication ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
Diffie Hellman ◽  
Dynamic Id ◽  
Authentication Schemes ◽  
Guessing Attack ◽  
Multi Server ◽  
Remote User

In this paper, we analyze and point out several weaknesses in the dynamic ID-based remote user authentication schemes using smart card for multi-server environments, and present the countermeasures to enhance the security of the schemes. Taking Li et al.'s scheme for instance, we demonstrate that their scheme does not provide forward secrecy and key privacy for the session keys, and cannot resist offline password guessing attack. Furthermore, the reasons of these security weaknesses are analyzed through extending the attacks to its predecessors. Finally, the improved ideas of local verification and authenticated Diffie-Hellman key agreement are presented to overcome the weaknesses mentioned above.

scholarly journals Revisiting the “An Improved Remote user Authentication Scheme with Key Agreement”

2018 ◽  
Vol 11 (4) ◽  
pp. 190-194
Author(s):  
YALIN CHEN ◽  
JUE-SAM CHOU ◽  
I - CHIUNG LIAO
Keyword(s):  
Smart Card ◽  
Key Agreement ◽  
User Authentication ◽  
Authentication Scheme ◽  
Session Key ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

Recently, Kumari et al., pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.

Cryptanalysis of Ahirwal-Sonwanshi ID-Based Remote User Authentication Scheme

2015 ◽  
Vol 764-765 ◽  
pp. 858-862 ◽  
Author(s):  
Yung Cheng Lee ◽  
Pei Ju Lee
Keyword(s):  
Smart Card ◽  
User Authentication ◽  
Denial Of Service ◽  
Authentication Scheme ◽  
Password Guessing Attack ◽  
Insider Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

Due to the rapid growth of computer and communication technologies, people obtain variety of online services quickly. However, all networks are vulnerable to lots of security threats and attacks. The remote authentication scheme provides an efficient method to validate the remote users and servers. Ahirwal and Sonwanshi proposed a remote user authentication scheme with smart card in 2012. They indicated that Song’s smart card based password authentication protocol cannot resist the offline password guessing attack, insider attack, forward secrecy and denial of service attack. They proposed an ID-based authentication scheme to fix security flaws. The scheme uses one-way hash function and bitwise XOR operation such that the computation complexity is very low. However, in this article, we will show that their scheme cannot withstand the offline password guessing attack as they declared. An adversary can use the intercepted messages of two login sessions to obtain the password.

Attacks on Young-Hwa An’s Improved Dynamic ID-Based Remote User Authentication Scheme

2014 ◽  
Vol 556-562 ◽  
pp. 5235-5238
Author(s):  
Cheng Qiang Xu ◽  
Zhen Li Zhang
Keyword(s):  
User Authentication ◽  
Authentication Scheme ◽  
Session Key ◽  
Forgery Attack ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
Dynamic Id ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

In 2011, Khan et al. analyzed and improved an enhanced secure dynamic ID-based remote user authentication scheme to overcome the weakness of Wang et al.’s scheme. In 2013, Young-Hwa An showed that Khan et al.’s scheme is not secure because Khan et al.’s scheme can not resist password guessing attack, forgery attack and does not provide user anonymity. After that he proposed a security improvement of dynamic ID-based remote user authentication scheme with session key agreement to remedy the weakness in Khan et al.’s scheme. Recently, through our study, we have found that Young-Hwa An’s mechanism is not secure enough. There still exists insider user’s attack, anonymity attack and forgery attack.

scholarly journals Elliptic Curve Cryptography based Secure and Efficient Authentication Protocol for Smart Card Users

2019 ◽  
Vol 9 (2) ◽  
pp. 3393-3397
Keyword(s):  
Elliptic Curve ◽  
Smart Card ◽  
Elliptic Curve Cryptography ◽  
User Authentication ◽  
Authentication Protocol ◽  
Password Guessing Attack ◽  
Communication Scheme ◽  
Guessing Attack ◽  
S Model ◽  
Remote User

Communication scheme which is used to have communication between authorized remote users over an insecure network is generally the authentication scheme which uses the password for the authentication. Remote user authentication techniques using the smart card have been proposed by many researchers. The main benefit of using the smart card is the storage availability and the computation speed. Huang et al. proposed a scheme for user authentication with smart cards which uses the concept of the timestamp. In Huang et al.’s protocol authors argued that their protocol is secure and efficient against any type of attack. Unfortunately Jung et al. show that Huang et al.’s model fails against the offline password guessing attack and with this scheme wrong password detection is not easy. In Huang et al.’s scheme, RSA cryptosystem is used to offer the authentication. In this article, advanced and secure smart card based authentication protocol using elliptic curve cryptography (ECC) is proposed. This proposed scheme thus overcomes all the possible drawbacks of Huang et al.’s scheme, and it has faster computation as compared to the available schemes

Sign in / Sign up

Export Citation Format

Share Document