Online citations, reference lists, and bibliographies.
← Back to Search

A Password Authentication Scheme Over Insecure Networks

I. Liao, C. Lee, M. Hwang
Published 2006 · Computer Science

Save to my Library
Download PDF
Analyze on Scholarcy
Share
Authentication ensures that system's resources are not obtained fraudulently by illegal users. Password authentication is one of the simplest and the most convenient authentication mechanisms over insecure networks. The problem of password authentication in an insecure networks is present in many application areas. Since computing resources have grown tremendously, password authentication is more frequently required in areas such as computer networks, wireless networks, remote login, operation systems, and database management systems. Many schemes based on cryptography have been proposed to solve the problem. However, previous schemes are vulnerable to various attacks and are neither efficient, nor user friendly. Users cannot choose and change their passwords at will. In this paper, we propose a new password authentication scheme to achieve the all proposed requirements. Furthermore, our scheme can support the Diffie-Hellman key agreement protocol over insecure networks. Users and the system can use the agreed session key to encrypt/decrypt their communicated messages using the symmetric cryptosystem.
This paper references
10.1016/S0167-4048(02)00415-7
An Efficient and Practical Solution to Remote Authentication: Smart Card
H. Chien (2002)
10.6633/IJNS.200511.1(3).03
Two Attacks on the Wu-Hsu User Identification Scheme
C. Lee (2005)
10.17487/RFC2289
A One-Time Password System
N. Haller (1998)
Simple and Secure Password Authentication Protocol (SAS)
Manjula Sandirigama (2000)
10.1145/357980.358017
A method for obtaining digital signatures and public-key cryptosystems
R. Rivest (1983)
10.1109/30.826377
A new remote user authentication scheme using smart cards
M. Hwang (2000)
Man-in-the-Middle Attack on the Authentication of the User from the Remote Autonomous Object
Cheng-Ying Yang (2005)
10.1145/361082.361089
A high security log-in procedure
G. Purdy (1974)
A dynamic password authentication method by one-way function
A. Shimizu (1990)
10.1086/279425
Biometrics
R. Pearl (1914)
The S/KEY (TM) one-time password system
N. Haller (1994)
10.1007/3-540-39568-7_2
A public key cryptosystem and a signature scheme based on discrete logarithms
T. Elgamal (1984)
10.1145/240799.240801
Comments on the S/KEY user authentication scheme
C. Mitchell (1996)
Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols
Chien-Ming Chen (2002)
10.1016/S0164-1212(98)00006-5
"Paramita wisdom" password authentication scheme without verification tables
J. Jan (1998)
10.1016/S0167-4048(03)00709-0
Security enhancement for the timestamp-based password authentication scheme using smart cards
Jau-Ji Shen (2003)
A Password Authentication Method for Contents Communications on the Internet
A. Shimizu (1998)
10.1145/361082.361087
A user authentication scheme not requiring secrecy in the computer
A. Evans (1974)
Man - inthemiddle attack on the authentication of the user from the remote autonomous object , Internat
H.-Y. Shen (2005)
A dynamic password authentication method by one - way function , IEICE Trans
T. Horioka A. Shimizu (1990)
10.3233/INF-2001-12208
An Improvement of SPLICE/AS in WIDE against Guessing Attack
M. Hwang (2001)
A Simple Attack on a Recently Introduced Hash-based Strong-password Authentication Scheme
M. Kim (2005)
10.1016/0167-4048(95)97054-E
Biometrics, is it a viable proposition for identity authentication and access control?
H. Kim (1995)
10.17487/RFC1321
The MD5 Message-Digest Algorithm
R. Rivest (1992)
10.1109/TENCON.1990.152691
Design and implementation of an authentication system in WIDE Internet environment
S. Yamaguchi (1990)
Koc , A simple attack on a recently introduced hashbased strongpassword authentication scheme , Internat
C. K. M. Kim (1995)
Attacks and Solutions on Strong-Password Authentication
Chun-Li Lin (2001)
10.1016/S0895-7177(02)00106-1
A simple remote user authentication scheme
M. Hwang (2002)
10.1007/978-1-4615-6153-8_4
Data Encryption Standards
W. Kou (1997)
A Secure One-Time Password Authentication Scheme Using Smart Cards
Tzu-Chang Yeh (2002)
Cryptanalysis of a Secure One-time Password Authentication Scheme with Low-communication for Mobile Communications
H. Wu (2005)
10.1016/S0167-4048(99)80136-9
Password authentication schemes with smart cards
Wen-Her Yang (1999)
10.1016/0140-3664(96)81595-7
Remote login authentication scheme based on a geometric approach
T. Wu (1995)
Noda , Simple and secure password authentication protocol ( SAS ) , IEICE Trans
A. Shimizu M. Sandirigama (1978)
10.1109/30.920446
An efficient remote use authentication scheme using smart cards
H. Sun (2000)
Revisit of McCullagh – Barreto two - party idbased authenticated key agreement protocols , Internat
Y.-M. Tseng J.-K. Jan (2002)
10.1145/358790.358797
Password authentication with insecure communication
L. Lamport (1981)
10.1016/S0167-4048(03)00713-2
Cryptanalysis of an enhanced timestamp-based password authentication scheme
B. Wang (2003)
Advanced Encryption Standard
Brian A. Carter (2007)
10.1109/TIT.1976.1055638
New directions in cryptography
W. Diffie (1976)
10.6028/nist.fips.180
Secure Hash Standard
J. H. Burrows (1995)
Hellman , New directions in cryptography
M. E. W. Diffie (2005)
10.17487/RFC1760
The S/KEY One-Time Password System
N. Haller (1995)
10.1145/75577.75582
Identity authentication based on keystroke latencies
R. Joyce (1990)
A Modified Remote User Authentication Scheme Using Smart Cards
Y. Xiu-yuan (2008)
10.1016/S0140-3664(99)00036-5
Cryptanalysis of a remote login authentication scheme
M. Hwang (1999)
10.1049/ip-e.1992.0053
Remote password authentication with smart cards
Cc (2004)
Attacks and solutions on strongpassword authentication , IEICE Trans
H. M. Sun C. L. Lin (2005)
10.6633/IJNS.200511.1(3).05
Revisit of McCullagh-Barreto Two-party ID-based Authenticated Key Agreement Protocols
Kim-Kwang Raymond Choo (2004)



This paper is referenced by
10.3724/SP.J.1087.2011.00996
Simple improvement for S/KEY authorization scheme: Simple improvement for S/KEY authorization scheme
Bing Wei He (2011)
10.4995/THESIS/10251/14980
Desarrollo y validación de soluciones tecnológicas para el aprendizaje a través de la plataforma de e-learning Ingenio
de Siqueira Rocha (2012)
A LITERATURE SURVEY ON NOVEL REMOTE AUTHENTICATION VIA VIDEO OBJECT AND BIOMETRICS
T. Sathya (2015)
10.5120/17709-8718
Security Analysis and Performance Evaluation of an Enhanced Two-Factor Authenticated Scheme
D. Jyoti (2014)
Efficient Two-Pass Anonymous Identity Authentication Using Smart Card
J. Chou (2013)
10.1109/TDSC.2016.2605087
Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound
Ding Wang (2018)
10.7763/IJCCE.2013.V2.193
Insider Attack-Resistant OTP (One-Time Password) Based on Bilinear Maps
Yunjin Lee (2013)
10.6633/IJNS.201603.18(2).21
A Measurement Study of the Content Security Policy on Real-World Applications
Kailas Patil (2016)
An Enhanced Anonymous Password-based Authenticated Key Agreement Scheme with Formal Proof
Min Wu (2017)
10.1109/WAINA.2012.203
A Reliable Dynamic User-Remote Password Authentication Scheme over Insecure Network
Z. Wu (2012)
10.1007/978-3-642-34062-8_24
On the Security of an Improved Password Authentication Scheme Based on ECC
Ding Wang (2012)
10.1002/sec.977
An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity
Lili Xu (2015)
10.1016/j.jcss.2012.06.002
A novel one-time password mutual authentication scheme on sharing renewed finite random sub-passwords
L. Gong (2013)
10.1155/2014/247836
Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography
L. Wang (2014)
10.1007/S11071-011-0247-4
An extended chaotic maps-based key agreement protocol with user anonymity
C. Lee (2012)
A Simple Password Authentication Scheme Based on Geometric Hashing Function
Xu Zhuang (2014)
Cryptanalysis of Two Efficient Password-based Authentication Schemes Using Smart Cards
Y. Wang (2015)
10.4028/www.scientific.net/AMM.481.220
Enhanced Tight Finite Key Scheme for Quantum Key Distribution (QKD) Protocol to Authenticate Multi-Party System in Cloud Infrastructure
R. Khalid (2013)
10.1109/CIMSIM.2013.45
Classification of Malignant Melanoma and Benign Nevi from Skin Lesions Based on Support Vector Machine
Mohamed Khalad Abu Mahmoud (2013)
10.1016/J.PROENG.2012.06.162
Smart card based remote user authentication schemes — Survey
G. Jaspher (2012)
IWT Based Remote Authentication Via Biometrics
H. Jose (2017)
10.1109/CW.2014.50
Biometrics-Based Secret Key Agreement by Public Discussion with RFID System
Marcus V. C. Rodrigues (2014)
AUTHENTICATION MECHANISM FOR CLOUD NETWORK AND ITS FITNESS WITH QUANTUM KEY DISTRIBUTION PROTOCOL: A SURVEY
Roszelinda Khalid (2015)
An Improved Remote User Password Authentication Scheme Using Smart Card with Session Key Agreement
Ajay Kumar Sahu (2016)
10.1007/s10916-014-0016-2
A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems
Zuowen Tan (2014)
10.1109/TETC.2015.2400135
Remote Authentication via Biometrics: A Robust Video-Object Steganographic Mechanism Over Wireless Networks
K. Ntalianis (2016)
10.1109/AICCSA.2009.5069373
Attacks and improvement of “security enhancement for a dynamic id-based remote user authentication scheme”
O. Cheikhrouhou (2009)
10.1016/J.IMU.2018.02.003
An efficient and secure remote user mutual authentication scheme using smart cards for Telecare medical information systems
N. Radhakrishnan (2018)
10.1007/s10916-011-9703-4
A Non-Repudiated and Traceable Authorization System Based on Electronic Health Insurance Cards
C. Chen (2011)
USER AUTHENTICATION IN PUBLIC CLOUD COMPUTING THROUGH ADOPTION OF ELECTRONIC PERSONAL SYNTHESIS BEHAVIOR
Mohanaad Shakir (2020)
10.1007/s10916-011-9658-5
A More Secure Authentication Scheme for Telecare Medicine Information Systems
He Debiao (2012)
Towards secure and trustworthy wireless ad hoc networks
A. Boukerche (2012)
See more
Semantic Scholar Logo Some data provided by SemanticScholar