An Improved Password-Based Remote User Authentication Protocol without Smart Cards

Jiang, Qi; Ma, Jianfeng; Li, Guangsong; Ma, Zhuo

doi:10.5755/j01.itc.42.2.2079

Cited by 25 publications

(51 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We however note that they had another version of the protocol which works with smart card in [2]. Once we demonstrate the vulnerability in [1] against the clogging attack, the vulnerability is easily observed to work for [2] as well. Jiang et al's protocol in [1] is an improvement over Chen at al.…”

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 99%

“…Once we demonstrate the vulnerability in [1] against the clogging attack, the vulnerability is easily observed to work for [2] as well. Jiang et al's protocol in [1] is an improvement over Chen at al. 's protocol [4] which they proved to be vulnerable against the off-line dictionary attack.…”

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 99%

“…The first protocol we look at in this work is due to Jiang et al [1] It is a remote authentication protocol, which does not involve smart cards. We however note that they had another version of the protocol which works with smart card in [2].…”

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 99%

“…The first such multi-factor authentication protocol we consider here is by Jiang et al [1]. It is a memory device aided password authentication protocol.…”

Section: Introductionmentioning

confidence: 99%

“…In this kind of protocols (e.g. [1], [4], [6]), the authentication information (issued by a server) is stored in a memory device such as universal serial bus (USB) sticks, portable HDDs, mobile phones, PDAs, PCs etc. A very common example is a software protection dongle that is used frequently now-a-days for various purposes.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Talluri

Roy

2014

Advanced Computing, Networking and Informatics- Volume 2

View full text Add to dashboard Cite

Abstract. In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Jiang et al., is a password-based authentication scheme 1 which does not use smart cards. We note that this scheme is an improvement over Chen et al.'s scheme shown vulnerable to the off-line dictionary attack by Jiang et al. We perform a cryptanalysis on Jiang at al.'s improved protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack. The other protocol we consider for analysis is by Wang et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Wang et al., and require the server to compute the computationally intensive modular exponentiation are prone to the clogging attack. We suggest (another) improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Jiang et. al.

show abstract

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 99%

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 99%

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 99%

“…The first such multi-factor authentication protocol we consider here is by Jiang et al [1]. It is a memory device aided password authentication protocol.…”

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Talluri

Roy

2014

Advanced Computing, Networking and Informatics- Volume 2

View full text Add to dashboard Cite

show abstract

Design of a user anonymous password authentication scheme without smart card

Kumari

Khan

et al. 2014

Int J Communication

View full text Add to dashboard Cite

Summary Recently, Jiang et al. and He et al. independently found security problems in Chen et al.'s remote user authentication scheme for non‐tamper‐proof storage devices like Universal Serial Bus stick and proposed improvements. Nonetheless, we detect that the schemes proposed by Jiang et al. and He et al. overlook a user's privacy. We also observe that Jiang et al.'s scheme is vulnerable to insider attack and denial of service attacks and lacks forward secrecy. We point out that the password changing facility in He et al.'s scheme is equivalent to undergoing registration, whereas in Jiang et al.'s scheme, it is unsuitable. Moreover, the login phase of both the schemes is incapable to prevent the use of wrong password leading to the computation of an unworkable login request. Therefore, we design a new scheme with user anonymity to surmount the identified weaknesses. Without adding much in communication/computational cost, our scheme provides more security characteristics and keeps the merits of the original schemes. As compared with its predecessor schemes, the proposed scheme stands out as a more apt user authentication method for common storage devices. We have also presented a formal proof of security of the proposed scheme based on the logic proposed by Burrows, Abadi and Needham (BAN logic). Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Farash

Attari

Kumari

2014

Int J Communication

View full text Add to dashboard Cite

Three-party password-authenticated key exchange (3PAKE) protocols allow two clients to agree on a secret session key through a server via a public channel. 3PAKE protocols have been designed using different arithmetic aspects including chaotic maps. Recently, Lee et al. proposed a 3PAKE protocol using Chebyshev chaotic maps and claimed that their protocol has low computation and communication cost and can also resist against numerous attacks. However, this paper shows that in spite of the computation and communication efficiency of the Lee et al. protocol, it is not secure against the modification attack. To conquer this security weakness, we propose a simple countermeasure, which maintains the computation and communication efficiency of the Lee et al. protocol.of 10 S AB D h.SKjjAjjB/. If it holds, both server S and user B are authenticated and the common session key SK is agreed upon.

show abstract

An Improved Password-Based Remote User Authentication Protocol without Smart Cards

Cited by 25 publications

References 0 publications

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Design of a user anonymous password authentication scheme without smart card

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Contact Info

Product

Resources

About