User Authentication with Provable Security against Online Dictionary Attacks
نویسندگان
چکیده
Dictionary attacks are the best known threats on the password-based authentication schemes. Based on Reverse Turing Test (RTT), some usable and scalable authentication schemes are proposed to defeat online dictionary attacks mounted by automated programs. However it is found that these authentication schemes are vulnerable to various online dictionary attacks. In this paper, a practical decision function is presented, based on which RTT authentication schemes are constructed and shown to be secure against all the known online dictionary attacks. After formally modeling of the adversary, the static and dynamic security of the authentication schemes are proved formally. Index Term-Online Dictionary attack; Reverse Turing Test;
منابع مشابه
Single password authentication
Users frequently reuse their passwords when authenticating to various online services. Combined with the use of weak passwords or honeypot/phishing attacks, this brings high risks to the security of the user’s account information. In this paper, we propose several protocols that can allow a user to use a single password to authenticate to multiple services securely. All our constructions provab...
متن کاملA Mutual Authentication Method for Internet of Things
Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as surveillance and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. Data security is one of the main concerns in the IoT. ...
متن کاملA Text based Authentication Scheme for Improving Security of Textual Passwords
User authentication through textual passwords is very common in computer systems due to its ease of use. However textual passwords are vulnerable to different kinds of security attacks, such as spyware and dictionary attacks. In order to overcome the deficiencies of textual password scheme, many graphical password schemes have been proposed. The proposed schemes could not fully replace textual ...
متن کاملInverse Cookie-based Virtual Password Authentication Protocol
Password is the most commonly used authentication technique to authenticate the users on the web. Password based authentication protocols are susceptible to dictionary attacks by means of automated programs because most of the user chosen passwords are limited to the user’s personal domain. In this paper, we propose an inverse cookie based virtual password authentication protocol that preserves...
متن کاملBiometric Authentication of Fingerprint for Banking Users, Using Stream Cipher Algorithm
Providing banking services, especially online banking and electronic payment systems, has always been associated with high concerns about security risks. In this paper, customer authentication for their transactions in electronic banking has been discussed, and a more appropriate way of using biometric fingerprint data, as well as encrypting those data in a different way, has been suggest...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- JNW
دوره 4 شماره
صفحات -
تاریخ انتشار 2009