A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks |
| |
| Authors: | Jia-Lun Tsai Nai-Wei Lo Tzong-Chen Wu |
| |
| Affiliation: | 1. Department of Information Management, National Taiwan University of Science and Technology, Taipei, 106, Taiwan
2. Taiwan Information Security Center (TWISC), National Taiwan University of Science and Technology, Taipei, 106, Taiwan
|
| |
| Abstract: | A multi-server authentication scheme is a useful authentication mechanism in which a remote user can access the services of multiple servers after registering with the registration center (RC). This study shows that the password-based multi-server authentication scheme proposed by Yeh and Lo is vulnerable to undetectable password-guessing attack and offline password-guessing attack. This study proposes a new password-based multi-server authentication scheme to overcome these vulnerabilities. The proposed protocol introduces a new mechanism for protecting user password. The RC sends an alternative key to help the server verify the legitimacy of user instead of the user’s password. The values of these keys are changed with a random large nonce in each session. Therefore, the password-guessing attack cannot work successfully on the proposed scheme. |
| |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! |
|
