Strengthening password-based authentication protocols against online dictionary attacks

Peng Wang, Yongdae Kim, Vishal Kher, Taekyoung Kwon

Research output: Contribution to journal › Conference article

4 Citations (Scopus)

Abstract

Passwords are one of the most common causes of system break-ins, because the low entropy of passwords makes systems vulnerable to brute force guessing attacks (dictionary attacks). Existing Strong Password-based Authentication and Key Agreement (SPAKA) protocols protect passwords from passive (eavesdropping-offline dictionary) attacks, but not from active online dictionary attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent online dictionary attacks as well as many-to-many attacks common to 3-pass SPAKA protocols. The proposed scheme significantly increases the computational burden of an attacker trying to launch online dictionary attacks, while imposing negligible load on the legitimate clients as well as on the authentication server.

Original language: English
Pages (from-to): 17-32
Number of pages: 16
Journal: Lecture Notes in Computer Science
Volume: 3531
Publication status: Published - 2005 Oct 17
Event: Third International Conference on Applied Cryptography and Network Security, ACNS 2005 - New York, NY, United States
Duration: 2005 Jun 7 to 2005 Jun 10

Fingerprint

Authentication Protocol
Password
Glossaries
Strengthening
Authentication
Attack
Network protocols
Key Agreement Protocol
Many to many
Entropy
Servers
Dictionary
Server

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

@article{3510f890c2654c85b8387e1380cad8e2,
title = "Strengthening password-based authentication protocols against online dictionary attacks",
author = "Peng Wang and Yongdae Kim and Vishal Kher and Taekyoung Kwon",
year = "2005",
month = "10",
day = "17",
language = "English",
volume = "3531",
pages = "17--32",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

Strengthening password-based authentication protocols against online dictionary attacks. / Wang, Peng; Kim, Yongdae; Kher, Vishal; Kwon, Taekyoung.

In: Lecture Notes in Computer Science, Vol. 3531, 17.10.2005, p. 17-32.


TY - JOUR

T1 - Strengthening password-based authentication protocols against online dictionary attacks

AU - Wang, Peng

AU - Kim, Yongdae

AU - Kher, Vishal

AU - Kwon, Taekyoung

PY - 2005/10/17

Y1 - 2005/10/17

UR - http://www.scopus.com/inward/record.url?scp=26444568714&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=26444568714&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:26444568714

VL - 3531

SP - 17

EP - 32

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -