论文信息 - Security flaws of remote user access over insecure networks

Security flaws of remote user access over insecure networks

Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environments. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. Recently, Peyravian and Jeffries proposed password-based protocols for remote user authentication, password change, and session key establishment over insecure networks without requiring any additional private- or public-key infrastructure. In this paper we point out security flaws of Peyravian-Jeffries's protocols against off-line password guessing attacks and Denial-of-Service attacks.

Kyung-Ah Shim

[1] Horng-Twu Liaw. Password authentications using triangles and straight lines , 1995 .

[2] Hung-Min Sun,et al. On the Security of Some Password Authentication Protocols , 2003, Informatica.

[3] Jing-Jang Hwang,et al. Improvement on Peyravian-Zunic's Password Authentication Schemes , 2002 .

[4] David P. Jablon. Strong password-only authenticated key exchange , 1996, CCRV.

[5] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[6] Chien-Ming Chen,et al. Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme , 2003, OPSR.

[7] Sarvar Patel,et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[8] Chun-Li Lin,et al. A password authentication scheme with secure password updating , 2003, Comput. Secur..

[9] Hugo Krawczyk,et al. Public-key cryptography and password protocols , 1999 .

[10] Nevenko Zunic,et al. Methods for Protecting Password Transmission , 2000, Comput. Secur..

[11] Mohammad Peyravian,et al. Secure remote user access over insecure networks , 2006, Comput. Commun..