Design of a user anonymous password authentication scheme without smart card

Kumari, Saru; Khan, Muhammad Khurram; Li, Xiong; Wu, Fan

doi:10.1002/dac.2853

Cited by 21 publications

(17 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authentication is, thus, the process of verifying the identity of a user as part of a system's access control to protect the information stored within them [1]. Various authentication techniques have been proposed in literature, such as text passwords [2,3], smart cards [4,5], and biometrics [6][7][8]. All of the mentioned techniques belong to distinct authentication factors.…”

Section: Introductionmentioning

confidence: 99%

Multifactor Authentication Methods: A Framework for Their Comparison and Selection

Velásquez¹,

Caro²,

Rodríguez³

2020

Computer and Network Security

View full text Add to dashboard Cite

There are multiple techniques for users to authenticate themselves in software applications, such as text passwords, smart cards, and biometrics. Two or more of these techniques can be combined to increase security, which is known as multifactor authentication. Systems commonly utilize authentication as part of their access control with the objective of protecting the information stored within them. However, the decision of what authentication technique to implement in a system is often taken by the software development team in charge of it. A poor decision during this step could lead to a fatal mistake in relation to security, creating the necessity for a method that systematizes this task. Thus, this book chapter presents a theoretical decision framework that tackles this issue by providing guidelines based on the evaluated application's characteristics and target context. These guidelines were defined through the application of an extensive action-research methodology in collaboration with experts from a multinational software development company.

show abstract

Section: Introductionmentioning

confidence: 99%

Multifactor Authentication Methods: A Framework for Their Comparison and Selection

Velásquez¹,

Caro²,

Rodríguez³

2020

Computer and Network Security

View full text Add to dashboard Cite

show abstract

“…While it has been found that the password-based singleserver authentication protocols always risk in stolen-verifier attack, because the server has to maintain a password related table. Thus, the smart card, as a second security factor, gets widely used [1][2][3][4][5].…”

Section: Introductionmentioning

confidence: 99%

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Wang

2018

Security and Communication Networks

View full text Add to dashboard Cite

With the great development of network technology, the multiserver system gets widely used in providing various of services. And the two-factor authentication protocols in multiserver system attract more and more attention. Recently, there are two new schemes for multiserver environment which claimed to be secure against the known attacks. However, after a scrutinization of these two schemes, we found that (1) their description of the adversary's abilities is inaccurate; (2) their schemes suffer from many attacks. Thus, firstly, we corrected their description on the adversary capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements of multiserver based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack and off-line dictionary attack and so forth and also demonstrated that another scheme fails to preserve forward secrecy and user anonymity and is not secure to insider attack and off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.

show abstract

“…They have become an important criterion of an ideal remote authentication scheme. Most of remote user authentication schemes [4,[40][41][42] are designed and evaluated according to them, while none of the schemes could actually satisfy them simultaneously. Therefore, many researchers begin to pay more attention to e a l 2 Password dependent 3 No verification table 4 Freely chosen password by the users 5 F o r w a r d s e c r e c y 6…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary attack or fail to achieve forward secrecy and user anonymity. It is worth mentioning that we divide offline dictionary attacks into two categories: (1) the ones using the verification from smart cards and (2) the ones using the verification from the open channel. The second is more complicated and intractable than the first type. Such distinction benefits the exploration of better design principles. We also discuss some practical solutions to the two kinds of attacks, respectively. Furthermore, we proposed a reference model to deal with the first kind of attack and proved its effectiveness by taking one of our cryptanalysis schemes as an example.

show abstract

Design of a user anonymous password authentication scheme without smart card

Cited by 21 publications

References 31 publications

Multifactor Authentication Methods: A Framework for Their Comparison and Selection

Multifactor Authentication Methods: A Framework for Their Comparison and Selection

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Contact Info

Product

Resources

About