Threshold password authentication against guessing attacks in Ad hoc networks

Password authentication has been accepted as one of the commonly used solutions in network environment to protect resources from unauthorized access. The emerging mobile Ad hoc network, however, has called for new requirements for designing authentication schemes due to its dynamic nature and vulnerable-to-attack structure, which the traditional schemes overlooked, such as availability and strong security against off line guessing attacks in face of node compromise. In this paper, we propose a threshold password authentication scheme, which meets both availability and strong security requirements in the mobile Ad hoc networks. In our scheme, t out of n server nodes can jointly achieve mutual authentication with a registered user within only two rounds of message exchanges. Our scheme allows users to choose and change their memorable password without subjecting to guessing attacks. Moreover, there is no password table in the server nodes end, which is preferable since mobile nodes are usually memory-restricted devices. We also show that our scheme is efficient to be implemented in mobile devices.

[1]  Markus Jakobsson,et al.  Threshold Password-Authenticated Key Exchange , 2002, CRYPTO.

[2]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[3]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[4]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[5]  Kefei Chen,et al.  Cryptanalysis of a timestamp-based password authentication scheme , 2004, IACR Cryptol. ePrint Arch..

[6]  Chin-Chen Chang,et al.  A secure and efficient strong-password authentication protocol , 2004, OPSR.

[7]  Chen Chien-Ming,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols(Regular Section) , 2002 .

[8]  Chien-Lung Hsu Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[9]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[10]  Kee-Young Yoo,et al.  Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.

[11]  Benny Pinkas,et al.  Securing passwords against dictionary attacks , 2002, CCS '02.

[12]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[13]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[14]  Hung-Yu Chien,et al.  A remote authentication scheme preserving user anonymity , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[15]  Min-Shiang Hwang,et al.  Security enhancement for the timestamp-based password authentication scheme using smart cards , 2003, Comput. Secur..

[16]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[17]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[18]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[19]  Xiaoping Wu,et al.  Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards , 2009, 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[20]  David P. Jablon Strong password-only authenticated key exchange , 1996, CCRV.

[21]  Chi-Kwong Chan,et al.  Cryptanalysis of a modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[22]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[23]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[24]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[25]  Taekyoung Kwon,et al.  Efficient and secure password-based authentication protocols against guessing attacks , 1998, Comput. Commun..

[26]  Lee-Ming Cheng,et al.  Cryptanalysis of a Timestamp-Based Password Authentication Scheme , 2002, Comput. Secur..

[27]  Ivan Stojmenovic,et al.  Ad hoc Networking , 2004 .

[28]  Lei Fan,et al.  An enhancement of timestamp-based password authentication scheme , 2002, Comput. Secur..

[29]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[30]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[31]  Amit K. Awasthi,et al.  A remote user authentication scheme using smart cards with forward secrecy , 2003, IEEE Trans. Consumer Electron..

[32]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[33]  Chou Chen Yang,et al.  Cryptanalysis of a user friendly remote authentication scheme with smart cards , 2004, Comput. Secur..

[34]  Rosario Gennaro,et al.  Provably secure threshold password-authenticated key exchange , 2003, J. Comput. Syst. Sci..

[35]  Shyi-Tsong Wu,et al.  A user friendly remote authentication scheme with smart cards , 2003, Comput. Secur..

[36]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[37]  Zhenfu Cao,et al.  Efficient remote user authentication scheme using smart card , 2005, Comput. Networks.

[38]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[39]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .