Attacks and Solutions on Strong-Password Authentication
スポンサーリンク
概要
- 論文の詳細を見る
A password-based mechanism is the most widely used method of authentication in distributed environments. However, because people are used to choosing easy-to-remember passwords, so-called "weak-passwords, " dictionary attacks on them can succeed. The techniques used to prevent dictionary attacks lead to a heavy computational load. Indeed, forcing people to use well-chosen passwords, so-called "strong passwords, " with the assistance of tamper-resistant hardware devices can be regarded as another fine authentication solution. In this paper, we examine a recent solution, the SAS protocol, and demonstrate that it is vulnerable to replay and denial of service attacks. We also propose an Optimal Strong-Password Authentication (OSPA) protocol that is secure against stolen-verifier, replay, and denial of service attacks, and minimizes computation, storage, and transmission overheads.
- 社団法人電子情報通信学会の論文
- 2001-09-01
著者
-
Lin Chun-li
The Department Of Computer Science And Information Engineering
-
HWANG Tzonelih
the Department of Computer Science and Information Engineering, National Cheng Kung University
-
SUN Hung-Min
the Department of Computer Science, National Tsing Hua University
-
Sun H‐m
Chang Jung Univ. Tainan County Twn
-
Sun Hung-min
The Department Of Computer Science National Tsing Hua University
-
Hwang T
The Department Of Computer Science And Information Engineering National Cheng Kung University
関連論文
- Provably Secure Three-Party Password-Authenticated Key Exchange(Information Security)
- Attacks and Solutions on Strong-Password Authentication
- Improvement of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks(Fundamental Theories)