A Security and Efficiency Authentication Scheme Based on Human-memorable Password

被引：1

作者：

Cui, Jianming ^{[1
]}

Zhang, Xiaojun ^{[1
]}

Gao, Jianxin ^{[2
]}

Cao, Ning ^{[3
]}

机构：

[1] Shandong Univ Sci & Technol, Coll Informat Sci & Engn, Qingdao, Peoples R China

[2] Beijing Pinecone Elect Co Ltd, Hardware Dept, Beijing, Peoples R China

[3] Qingdao Binhai Univ, Coll Informat Engn, Qingdao, Peoples R China

来源：

2017 IEEE INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING (CSE) AND IEEE/IFIP INTERNATIONAL CONFERENCE ON EMBEDDED AND UBIQUITOUS COMPUTING (EUC), VOL 2 | 2017年

基金：

中国博士后科学基金;

关键词：

human-memorable; authentication protocol; smart card; multi-server;

D O I：

10.1109/CSE-EUC.2017.239

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

From the view point of users, security and efficiency are two main factors for any authentication scheme. It's particularly important in multi-server architecture authentication protocol, because users can login many servers with only one password and one identity. In practical cases, users usually choose the password that can be remembered easily (human-memorable), which has low entropy and can be guessed out in short time. In 2010, Shao-Chin proposed a multi-server authentication protocol which was based on dynamic identity. We find that their scheme could not resist password guessing attack, user impersonation attack and do not have anonymity. For these concerns, we propose a multi-server authentication scheme based on two-factor, which can raise efficiency of communication and calculation by reducing unnecessary steps of keys exchange. In addition, the scheme has higher security which makes up for above-mentioned security flaws.

引用

页码：293 / 296

页数：4

共 13 条

[1] Chien HY, 2005, AINA 2005: 19th International Conference on Advanced Information Networking and Applications, Vol 2, P245
[2] A dynamic ID-based remote user authentication scheme
Das, ML
Saxena, A
Gulati, VP
[J]. IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2004, 50 (02) : 629 - 631
[3] Ding Wang, 2012, Network and System Security. 6th International Conference, NSS 2012. Proceedings, P462, DOI 10.1007/978-3-642-34601-9_35
[4] Session-key generation using human passwords only
Goldreich, Oded
Lindell, Yehuda
[J]. JOURNAL OF CRYPTOLOGY, 2006, 19 (03) : 241 - 340
[5] Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment
Hsiang, Han-Cheng
Shih, Wei-Kuan
[J]. COMPUTER STANDARDS & INTERFACES, 2009, 31 (06) : 1118 - 1123
[6] A new remote user authentication scheme using smart cards
Hwang, MS
Li, LH
[J]. IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2000, 46 (01) : 28 - 30
[7] Katz J, 2001, LECT NOTES COMPUT SC, V2045, P475
[8] Anonymous and traceable authentication scheme using smart cards
Kim, Seil
Rhee, Hyun Sook
Chun, Ji Young
Lee, Dong Hoon
[J]. PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON INFORMATION SECURITY AND ASSURANCE, 2008, : 162 - 165
[9] PASSWORD AUTHENTICATION WITH INSECURE COMMUNICATION
LAMPORT, L
[J]. COMMUNICATIONS OF THE ACM, 1981, 24 (11) : 770 - 772
[10] A secure dynamic ID based remote user authentication scheme for multi-server environment
Liao, Yi-Pin
Wang, Shuenn-Shyang
[J]. COMPUTER STANDARDS & INTERFACES, 2009, 31 (01) : 24 - 29

← 1 2 →