Secure SAS-like password authentication schemes
نویسندگان
چکیده
Recently, there are several articles proposed for the so-called SAS password authentication scheme with lower storage, processing, and transmission overheads. For benefiting from these advantages, there are a series of researches on the SAS-like schemes. However, as knowledge of cryptanalysis has involved, a series of modification have been made. Unfortunately, those enhancements have still security flaws. In this paper, a security issue is found in the latest modification and removed to form a new one. The proposed schemes not only keep the original advantages but also highlight a feature, mutual authentication between a user and a remote server, found in many authentication protocols but not found in the SAS-like schemes. D 2004 Elsevier B.V. All rights reserved.
منابع مشابه
One-Time Password Authentication Scheme to Solve Stolen Verifier Problem
Secure authentication schemes between an authentication server and users are required to avoid many risks on the Internet. There are three authentication schemes: static password authentications like Basic and Digest Access Authentication[1], public-key certificate schemes, and one-time password schemes. In spite of using SSL/TLS, the static password authentications are known as being insecure ...
متن کاملRobust and Simple Authentication Protocol
Password-based authentication protocols are currently the conventional authentication protocols in many distributed systems. However, the security of these protocols is falling behind the times because more and more attacks can now break them. The security weaknesses of the Simple And Secure (SAS) protocol, the Optimal Strong-Password Authentication (OSPA) protocol, and the revised SAS protocol...
متن کاملA Secure YS-Like User Authentication Scheme
Recently, there are several articles proposed based on Yang and Shieh’s password authentication schemes (YS for short) with the following features: (1) A user can choose password freely. (2) The server does not need to maintain a password table. (3) There is no need to involve a trusted third party. Although there were several variants of the YS-like schemes claimed to address the forgery attac...
متن کاملPassword Entry Scheme Resistant to Eavesdropping
We propose an authentication scheme resistant to eavesdropping attacks. Users select an alphanumeric password with a length of 9-15 symbols. They can use this password in the traditional manner from a secure client. The same password can also be used from a non-secure client in a manner highly resistant to eavesdropping attacks. Although more complex than traditional password entry, in our test...
متن کاملA Secure Hash-Based Strong-Password Authentication Protocol Using One-Time Public-Key Cryptography
Secure communication is an important issue in networks and user authentication is a very important part of the security. Several strong-password authentication protocols have been introduced, but there is no fully secure authentication scheme that can resist all known attacks. We propose enhanced secure schemes with registration and login protocols, and add the “forget password” and password/ve...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Computer Standards & Interfaces
دوره 27 شماره
صفحات -
تاریخ انتشار 2004