A Remote User Authentication Scheme Using Strong Graphical Passwords

Conventional remote user strong-password authentication schemes share a common drawback: the user has to memorize a hard-to-remember textual password, which restricts their applications. To solve this problem, we propose in this paper a remote user authentication scheme using strong graphical passwords. Because graphical passwords are easy for the user to remember and dictionary attacks on graphical passwords are conventionally infeasible, the practicability of the proposed scheme is improved. Next, we show that the proposed scheme can withstand the replay attack, the password-file compromise attack, the denial-of-service attack, the predictable n attack, and the insider attack. In particular, the proposed scheme is easily reparable
