排序方式: 共有8条查询结果,搜索用时 15 毫秒
1
1.
Users frequently reuse their passwords when authenticating to various online services. Combined with the use of weak passwords or honeypot/phishing attacks, this brings high risks to the security of the user’s account information. In this paper, we propose several protocols that can allow a user to use a single password to authenticate to multiple services securely. All our constructions provably protect the user from dictionary attacks on the password, and cross-site impersonation or honeypot attacks by the online service providers. 相似文献
2.
3.
Simple password-based three-party authenticated key exchange without server public keys 总被引:2,自引:0,他引:2
Password-based three-party authenticated key exchange protocols are extremely important to secure communications and are now extensively adopted in network communications. These protocols allow users to communicate securely over public networks simply by using easy-to-remember passwords. In considering authentication between a server and user, this study categorizes password-based three-party authenticated key exchange protocols into explicit server authentication and implicit server authentication. The former must achieve mutual authentication between a server and users while executing the protocol, while the latter only achieves authentication among users. This study presents two novel, simple and efficient three-party authenticated key exchange protocols. One protocol provides explicit server authentication, and the other provides implicit server authentication. The proposed protocols do not require server public keys. Additionally, both protocols have proven secure in the random oracle model. Compared with existing protocols, the proposed protocols are more efficient and provide greater security. 相似文献
4.
Ren-Chiun Wang 《Computer Communications》2011,34(3):274-280
In ubiquitous computing environments, people may obtain their services from application servers by using mobile devices at any time and anywhere. For convenience, most of those devices are small and of limited power and computation capacity. In this paper, we propose a robust user authentication and key agreement scheme suitable for ubiquitous computing environments. The main merits include: (1) a security-sensitive verification table is not required in the server; (2) the password can be chosen and changed freely by the clients and cannot be derived by the privileged administrator of the server; (3) all well-known security threats are solved in our proposed scheme; (4) the scheme does not have a serious time-synchronization problem; (5) the client and the server can establish a common session key; (6) the scheme is practical and efficient; (7) the scheme can preserve the privacy of the client’s secret key even if the secret information stored in a smart card is compromised. 相似文献
5.
标准模型下高效的基于口令认证密钥协商协议 总被引:1,自引:0,他引:1
基于口令的认证密钥协商协议是利用预先共享的口令协商安全性较高的密钥。现有的基于口令认证密钥协商协议大多需要较大的计算量,或者只在随机预言模型下证明了协议的安全性。该文提出了新的标准模型下基于口令密钥协商协议,协议只需要一个生成元。 与其它标准模型下的协议相比,新协议不需要CPA或CCA2安全的加密方案,因而具有计算复杂度低和协议描述简单的特点。相对于殷胤等人在标准模型下可证安全的加密密钥协商协议一文中提出的协议,新协议将指数运算降低了64%。最后,基于DDH假设,在标准模型下证明了协议的安全性。 相似文献
6.
Security weakness in a three-party pairing-based protocol for password authenticated key exchange 总被引:3,自引:0,他引:3
Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings—Communications 152 (2) (2005) 138-143) proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.’s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future. 相似文献
7.
Enhanced password-based simple three-party key exchange protocol 总被引:1,自引:0,他引:1
8.
In this paper, we propose a secure and efficient user authentication scheme with countable and time-bound features. The countable feature is to limit the use to a certain number of times, which means that the users are able to successfully log into the system in a fixed number of times. The feature of the time-bound allows each login ticket to have a period of expiration. In other words, if a login request is overdue, it would not be available anymore. These features make our scheme more reliable for applications in the field of electronic commerce, such as on-line games, pay-TV, and so on. Since our scheme does not require any password or verification table and can avoid replay attacks, it is under firm security. Moreover, our scheme shows a lower computational overhead on the user side. Therefore, it offers an efficient and adequate alternative for the implementations in the mobile environment with limited computing capability. 相似文献
1