• Title/Summary/Keyword: Password-based authentication

Search Result 353, Processing Time 0.026 seconds

Improved Secure Remote User Authentication Protocol

  • Lee, Ji-Seon;Park, Ji-Hye;Chang, Jik-Hyun
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.9B
    • /
    • pp.931-938
    • /
    • 2009
  • Recently, Holbl et al. proposed an improvement to Peyravian-Jeffries's password-based authentication protocol to overcome some security flaws. However, Munilla et al. showed that Holbl et al.'s improvement is still vulnerable to off-line password guessing attack. In this paper, we provide a secure password-based authentication protocol which gets rid of the security flaws of Holbl et al.'s protocol.

Development Direction of Personal Authentication System (개인 인증 체계의 발전 방향)

  • Yang, Gi-Chul
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.05a
    • /
    • pp.117-119
    • /
    • 2021
  • In this paper, the strengths and weaknesses of each type of personal authentication system are examined and the development direction of the personal authentication system is presented. Currently, the personal authentication system commonly used is a text-based password system. However, most of the current text-based password systems are weak in usability and security. In order to solve this problems a personal authentication system that can replace the text-based password system is required. In this paper, we take the recently developed graphical password system as an example to find the conditions and possibilities to replace the text-based password system, and present the development direction of the personal authentication system.

  • PDF

Analysis on Security Vulnerability of Password-based key Exchange and Authentication Protocols (패스워드 기반 키 교환 및 인증 프로토콜의 안전성에 관한 분석)

  • Park, Choon-Sik
    • Journal of Korea Multimedia Society
    • /
    • v.11 no.10
    • /
    • pp.1403-1408
    • /
    • 2008
  • A number of three party key exchange protocols using smart card in effort to reduce server side workload and two party password based key exchange authentication protocols has been proposed. In this paper, we introduce the survey and analysis on security vulnerability of smart card based three party authenticated key exchange protocols. Furthermore, we analyze Kwak et al's password based key exchange and authentication protocols which have shown security weakness such as Shim et al's off-line password guessing attack and propose the countermeasure to deter such attack.

  • PDF

An Improved Biometrics-based Password Authentication Scheme with Session Key Agreement

  • Yang, Hyungkyu
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.3
    • /
    • pp.50-57
    • /
    • 2016
  • In 2013, Li et al. proposed an improved smart card-based remote user password authentication scheme, and claimed that their scheme not only overcomes security weaknesses of the Chen et al.'s scheme but also is a more user friendly scheme compared with other schemes. In this paper, we analyze the security of Li et al.'s authentication scheme and we show that Li et al.'s authentication scheme is still insecure against the various attacks, such as the off-line password guessing attack, the forgery attack, and the session key generation attack etc. Also, we propose an improved scheme that can resist these security drawbacks of Li et al.'s authentication, even if the secret information stored in the smart card is revealed. As a result of security analysis, the improved scheme is relatively more secure against several attacks than other related schemes in terms of the security.

Security in the Password-based Identification

  • Park, Byung-Jun;Park, Jong-Min
    • Journal of information and communication convergence engineering
    • /
    • v.5 no.4
    • /
    • pp.346-350
    • /
    • 2007
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBSI(Password Based Secure Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBSI is also excellent in the aspect of the performance.

The Secure Password Authentication Method based on Multiple Hash Values that can Grant Multi-Permission to a Single Account (단수 계정에 다중 권한 부여가 가능한 다중 해시값 기반의 안전한 패스워드 인증 기법 설계)

  • Hyung-Jin Mun
    • Journal of Industrial Convergence
    • /
    • v.21 no.9
    • /
    • pp.49-56
    • /
    • 2023
  • ID is used as identifying information and password as user authentication for ID-based authentication. In order to have a secure user authentication, the password is generated as a hash value on the client and sent to the server, where it is compared with the stored information and authentication is performed. However, if even one character is incorrect, the different hash value is generated, authentication will be failed and cannot be performed and various functions cannot be applied to the password. In this study, we generate several hash value including imaginary number of entered password and transmit to server and perform authentcation. we propose a technique can grants the right differentially to give various rights to the user who have many rights by one account. This can defend shoulder surfing attack by imaginary password and provide convenience to users who have various rights by granting right based on password.

Human Memorable Password based Efficient and Secure Identification

  • Park Jong-Min
    • Journal of information and communication convergence engineering
    • /
    • v.3 no.4
    • /
    • pp.213-216
    • /
    • 2005
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBI(password Based Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBI is also excellent in the aspect of the performance.

Split Password-Based Authenticated Key Exchange (분할된 패스워드 기반 인증된 키교환 프로토콜)

  • 류종호;염흥열
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.5
    • /
    • pp.23-36
    • /
    • 2004
  • This paper presents a password based authentication and key exchange protocol which can be used for both authenticating users and exchanging session keys for a subsequent secure communication over an untrusted network. Our idea is to increase a randomness of the password verification data, i.e., we split the password, and then amplify the split passwords in the high entropy-structured password verification data. And in order to prevent the verifier-compromised attack, we construct our system such that the password verification data is encrypted with the verifier's key and the private key of verifier used to encrypt it is stored in a secure place like a smart cards. Also we propose the distributed password authentication scheme utilizing many authentication servers in order to prevent the server-compromised attack occurred when only one server is used. Furthermore, the security analysis on the proposed protocol has been presented as a conclusion.

Secure Password-based Authentication Method for Mobile Banking Services

  • Choi, Dongmin;Tak, Dongkil;Chung, Ilyong
    • Journal of Korea Multimedia Society
    • /
    • v.19 no.1
    • /
    • pp.41-50
    • /
    • 2016
  • Moblie device based financial services are vulnerable to social engineering attacks because of the display screen of mobile devices. In other words, in the case of shoulder surfing, attackers can easily look over a user's shoulder and expose his/her password. To resolve this problem, a colour-based secure keyboard solution has been proposed. However, it is inconvenient for genuine users to verify their password using this method. Furthermore, password colours can be exposed because of fixed keyboard colours. Therefore, we propose a secure mobile authentication method to provide advanced functionality and strong privacy. Our authentication method is robust to social engineering attacks, especially keylogger and shoulder surfing attacks. According to the evaluation results, our method offers increased security and improved usability compared with existing methods.

Improved Strong Password Mutual Authentication Protocol to Secure on Replay Attack (재전송 공격에 안전한 개선된 강력한 패스워드 상호인증 프로토콜)

  • Kim, Jun-Sub;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.3
    • /
    • pp.415-425
    • /
    • 2010
  • In public network, user authentication is important security technology. Especially, password-based authentication method is used the most widely in distributed environments, and there are many authentication methods. Their SPMA protocol indicates vulnerability about problem that NSPA protocol does not offer mutual authentication, and proposed Strong Password Mutual Authentication protocol with mutual authentication. However, SPMA protocol has vulnerability of replay attack. In the paper, we analyzed vulnerability to replay attack of SPMA protocol. And we also proposed Improved Strong Password Mutual Authentication protocol to secure on replay attack with same efficiency.