A practical password-based two-server authentication and key exchange system

Most password-based user authentication systems place total trust on the authentication server where cleartext passwords or easily derived password verification data are stored in a central database. Such systems are, thus, by no means resilient against offline dictionary attacks initiated at the server side. Compromise of the authentication server by either outsiders or insiders subjects all user passwords to exposure and may have serious legal and financial repercussions to an organization. Recently, several multiserver password systems were proposed to circumvent the single point of vulnerability inherent in the single-server architecture. However, these multiserver systems are difficult to deploy and operate in practice since either a user has to communicate simultaneously with multiple servers or the protocols are quite expensive. In this paper, we present a practical password-based user authentication and key exchange system employing a novel two-server architecture. Our system has a number of appealing features. In our system, only a front-end service server engages directly with users while a control server stays behind the scene; therefore, it can be directly applied to strengthen existing single-server password systems. In addition, the system is secure against offline dictionary attacks mounted by either of the two servers.     

SPP: An anti-phishing single password protocol

Most users have multiple accounts on the Internet where each account is protected by a password. To avoid the headache in remembering and managing a long list of different and unrelated passwords, most users simply use the same password for multiple accounts. Unfortunately, the predominant HTTP basic authentication protocol (even over SSL) makes this common practice remarkably dangerous: an attacker can effectively steal users’ passwords for high-security servers (such as an online banking website) by setting up a malicious server or breaking into a low-security server (such as a high-school alumni website). Furthermore, the HTTP basic authentication protocol is vulnerable to phishing attacks because a client needs to reveal his password to the server that the client wants to login.In this paper, we propose a protocol that allows a client to securely use a single password across multiple servers, and also prevents phishing attacks. Our protocol achieves client authentication without the client revealing his password to the server at any point. Therefore, a compromised server cannot steal a client’s password and replay it to another server.Our protocol is simple, secure, efficient and user-friendly. In terms of simplicity, it only involves three messages. In terms of security, the protocol is secure against the attacks that have been discovered so far including the ones that are difficult to defend, such as the malicious server attacks described above and the recent phishing attacks. Essentially our protocol is an anti-phishing password protocol. In terms of efficiency, each run of our protocol only involves a total of four computations of a one-way hash function. In terms of usability, the protocol requires a user to remember only one password consisting of eight (or more) random characters, and this password can be used for all of his accounts.     

An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model

With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange (GPAKE) protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman (DDH) problem. In our proposal, the password is shared among n authentication servers and is secure unless the adversary corrupts more than t+1 servers. Our protocol requires n > 3t servers to work. Compared with existing threshold PAKE protocols, our protocol maintains both stronger security and greater efficiency.     

A remote password authentication scheme for multiserverarchitecture using neural networks

Conventional remote password authentication schemes allow a serviceable server to authenticate the legitimacy of a remote login user. However, these schemes are not used for multiserver architecture environments. We present a remote password authentication scheme for multiserver environments. The password authentication system is a pattern classification system based on an artificial neural network. In this scheme, the users only remember user identity and password numbers to log in to various servers. Users can freely choose their password. Furthermore, the system is not required to maintain a verification table and can withstand the replay attack.     

基于验证元的三方口令认证密钥交换协议

三方口令认证密钥交换协议使2个分别与可信服务器共享不同口令的用户建立起秘密的会话密钥.这类协议的优点是用户只需要记忆一个口令就可以与其他注册用户进行通信,因而三方口令认证密钥交换协议更适用于大规模的端到端通信.现有的大多数三方口令认证密钥交换协议均基于随机谕言模型来实现,只有少数协议不依赖服务器拥有公钥,而且在标准模型下是可证明安全的.另外多数协议中的口令以明文的形式存储在服务器上,服务器信息泄露将对用户和服务器的数据安全带来极大的危害.在标准模型下,使用平滑投影Hash函数设计了一个基于验证元的三方口令认证密钥交换协议,并证明了协议的安全性.此协议满足抵抗服务器泄露、不可检测的在线字典攻击和密钥私密性等安全属性.     

Design of a password-based authenticated key exchange protocol for SIP

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. In recent years, password-based authenticated key exchange protocols are designed to provide strong authentication for SIP. In this paper, we address this problem in two-party setting where the user and server try to authenticate each other, and establish a session key using a shared password. We aim to propose a secure and anonymous authenticated key exchange protocol, which can achieve security and privacy goal without increasing computation and communication overhead. Through the analysis, we show that the proposed protocol is secure, and has computational and computational overheads comparable to related authentication protocols for SIP using elliptic curve cryptography. The proposed protocol is also provably secure in the random oracle model.     

基于自验证公钥的跨域口令认证密钥协商协议

结合自验证公钥密码学和口令构造了一个用户可以直接通信的跨域口令认证密钥协商协议。域服务器通过口令认证实现对域内用户的认证, 并与对方域服务器一起协助用户完成认证和密钥协商。该过程中, 域服务器不能获取关于会话密钥的任何信息, 且各参与方之间能够实现相互认证。与同类协议相比, 该协议需要较小的计算和通信代价, 并能抵抗字典攻击和未知会话密钥共享攻击。     

Efficient multi-server authentication scheme based on one-way hash function without verification table

Following advances in network technologies, an increasing number of systems have been provided to help network users via the Internet. In order to authenticate the remote users, password-based security mechanisms have been widely used. They are easily implemented, but these mechanisms must store a verification table in the server. If an attacker steals the verification table from the server, the attacker may masquerade as a legal user. To solve the verification table stolen problem, numerous single server authentication schemes without verification tables have been proposed. These single authentication schemes suffer from a shortcoming. If a remote user wishes to use numerous network services, they must register their identity and password in these servers. In response to this problem, numerous related studies recently have been proposed. These authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. This study proposes an alternative multi-server authentication scheme using smart cards. The proposed scheme is based on the nonce, uses one-way hash function, and does not need to store any verification table in the server and registration center. The proposed scheme can withstand seven well known network security attacks.     

Two-factor mutual authentication based on smart cards and passwords

One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of schemes, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password based key exchange protocol can be efficiently transformed to a smart-card-based password authentication scheme provided that there exist pseudorandom functions and target collision resistant hash functions. Our construction appears to be the first one with provable security. In addition, we show that two recently proposed schemes of this kind are insecure.     

Security flaw of Hölbl et al.’s protocol

Recently, Hölbl et al. [M. Hölbl, T. Welzer, B. Brumen, Improvement of the Peyravian–Jeffries’s user authentication protocol and password change protocol, Computer Communications 31 (2008) 1945–1951] have proposed an improvement of Peyravian–Jeffries’s user authentication protocol and password change protocol [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (5–6) (2006) 660–667]. Peyravian–Jeffries’s scheme suffers from an active off-line password-guessing attack [J. Munilla, A. Peinado, Off-line password-guessing attack to Peyravian–Jeffries’s remote user authentication protocol, Computer Communications 30 (1) (2006) 52–54], and Hölbl et al. state that their improved protocol overcomes this weakness. However, we show in this paper that although this proposed protocol prevents this active attack, it remains vulnerable to a passive (simpler) off-line password-guessing attack.     

基于混合机制的Kerberos安全性增强方案

针对Kerberos协议的弱点和安全性问题,提出了一个基于混合加密机制的Kerberos改进方案,目的是防范口令攻击和内部攻击。给应用服务器和AS服务器分配公钥和私钥,用户与服务器之间的会话密钥由DH密钥交换生成。给出了改进后的 Kerberos 协议的六个步骤,并对安全性进行分析。分析结果表明,新方案能够增强Kerberos协议的安全性,而且比公钥加密机制高效。     

一种新的基于指纹与移动端协助的口令认证方法

智能手机和互联网应用的广泛普及,使用户可以借助手机结合口令与服务器认证.然而现有的方案需要在手机端存储用户的秘密信息.一旦存于手机的秘密信息被对手获得,将给用户带来不可挽回的损失.针对上述问题,提出了一种基于指纹和口令的认证方案,手机端无需存储秘密信息.其核心思想是,将密文存储在服务器端,用户登录时利用手机辅助其生成私钥,从而对注册阶段生成的密文解密生成认证密钥.生成私钥的过程需要输入口令和指纹,用户在电脑端输入口令后对口令进行盲化再与手机进行交互,这样就可以保护用户口令不被对手得到.理论分析及实验结果表明：该方案提高了用户秘密信息的安全性,可以抵御对手的字典攻击、重放攻击和钓鱼攻击,减少了手机的存储压力,易于部署.     

一种扩展代理服务器认证能力的方法研究

计算机互联网发展迅速,为了保护内部网络的安全及计费的需要,必须设置防火墙与代理服务器。而如何使代理服务器利用多台服务器上的用户认证信息进行认证,却是未曾解决的问题。文章提出了一种安全的分布式实时认证方案,安全、高效地解决了这一问题,减轻了系统管理员的维护工作量,具有实用价值。     

基于扩展混沌映射的远程医疗信息系统认证方案

针对远程医疗信息系统（TMIS）的实时应用场景,提出了一种安全高效的基于扩展混沌映射的切比雪夫多服务器认证协议。该方案使用随机数和注册中心的私钥为用户/应用服务器的身份加密,有效地支持用户和应用服务器的撤销和重新注册。同时,还利用“模糊验证因子”技术避免离线密码猜测攻击,利用“honeywords”技术有效避免在线密码猜测攻击。该方案在公共信道上传输的与用户身份相关的信息均使用随机数或随机数的计算结果进行加密,因此可以为用户提供强匿名性。通过BAN逻辑证明该协议可以实现用户和服务器的安全相互认证;同时,使用非正式安全证明该协议可以抵抗多种已知攻击。     

A user authentication system using back-propagation network

Information security has been a critical issue in the field of information systems. One of the key factors in the security of a computer system is how to identify the authorization of users. Password-based user authentication is widely used to authenticate a legitimate user in the current system. In conventional password-based user authentication schemes, a system has to maintain a password table or verification table which stores the information of users IDs and passwords. Although the one-way hash functions and encryption algorithms are applied to prevent the passwords from being disclosed, the password table or verification table is still vulnerable. In order to solve this problem, in this paper, we apply the technique of back-propagation network instead of the functions of the password table and verification table. Our proposed scheme is useful in solving the security problems that occurred in systems using the password table and verification table. Furthermore, our scheme also allows each user to select a username and password of his/her choice.     

适用网络的W态双服务器盲量子计算协议设计

结合实际的网络环境，为提高盲量子计算协议的执行效率和减少客户端占用量子服务器的时间，利用Bell态与W态的纠缠交换原理，提出了一种适用网络的双服务器盲量子协议方案。方案中客户端将计算任务分为两部分，并分别与Bob1和Bob2按照单服务器盲量子计算步骤执行完成。因为制备分别用于构造两台量子服务器中砖墙态的量子比特，只由一台量子计算机、执行一次制备过程就可以完成，与单服务器BQC相比并没有增加额外的量子服务器资源投入。方案可以实现客户端完全经典，协议具有无条件安全性。     

基于RLWE的双因子三方认证密钥交换协议

为了使格上Diffie-Hellman式密钥交换协议能够实现认证性并且适用于客户-服务器-客户模式的大规模通信,提出了一个基于环上误差学习RLWE的双因子三方认证密钥交换协议。该协议将口令和生物特征作为客户的长期密钥,实现服务器对客户的显式身份认证。首先利用环上误差学习的困难问题的优势（密钥及密文尺寸短、运行效率高）来构造密码体制;其次服务器通过口令和生物特征的哈希值传递环元素,并结合丁式错误协调机制使得通信方获得随机均匀的会话密钥。最后分析表明,该协议适用于大规模通信,提高了通信量,具有更高的安全属性,可以抵抗口令泄露用户假冒攻击。     

A lightweight authentication and key agreement protocol preserving user anonymity

Nowadays with widespread employment of the Internet, servers provide various services for legal users. The vital issue in client/server connections is authentication protocols that make the communication channel safe and secure against famous attacks. Recently, Kumari et al. and Chaudhry et al. proposed two authentication and key agreement protocols and illustrated that their proposed protocols are secure against various security attacks. However, in this paper we demonstrate that both protocols are vulnerable to off-line password guessing attacks. Moreover, we show that Kumari et al.’s protocol does not provide the property of user anonymity. In order to overcome these weaknesses, we propose a lightweight authentication and key agreement protocol. The correctness of the proposed protocol is proved using BAN logic. Security analysis demonstrates that the proposed protocol resists various security attacks and provides user anonymity. Furthermore, performance analysis confirms that the computation cost of the proposed protocol is acceptable.

     

新的基于椭圆曲线的三方口令认证密钥协商协议

口令认证密钥协商使得参与通信的用户用一个低熵的口令就可以实现实体认证,并能通过不安全的信道安全地生成共享的高熵会话密钥。为此,设计了一种新的基于椭圆曲线的三方口令认证密钥协商协议,新协议将参与者的口令巧妙地隐藏在传输的消息中,确保了口令的安全性。新协议的安全性基于椭圆曲线离散对数问题,服务器并不需要完全可信。安全性分析和性能分析显示,新协议以较低的代价实现了通信双方的安全通信。