• Title/Summary/Keyword: Different Password

Search Result 67, Processing Time 0.034 seconds

A Study on the User Authentication and Key Exchange Service for Group Environment (그룹 환경의 사용자 인증 및 키 교환 서비스 프로토콜 연구)

  • Byun, Jin-Wook;Lee, Su-Mi;Lee, Dong-Hoon
    • Journal of Information Technology Services
    • /
    • v.8 no.2
    • /
    • pp.117-136
    • /
    • 2009
  • Over the years a password has been used as a popular authentication method between a client and a server because of its easy-to-memorize property. But, most password-based authentication services have focused on a same password authentication scheme which provides an authentication and key exchange between a client and a server with the same password. With rapid change of communication environments in the fields such as mobile networks, home networking, etc., the end-to-end security allowing users to hold different password is considered as one of main concerns. In this paper, we consider a new authentication service of how each client with different own password is able to authenticate each other, which is a quite new service paradigm among the existing services. This new service can be used in the current or next generation network environment where a mobile user in cell A wants to establish a secure end-to-end channel with users in ceil B, C, and D using only their memorable passwords. This end-to-end security service minimizes the interferences from the operator controlled by network components. To achieve this end-to-end security, we propose an authentication and key exchange service for group users in different realm, and analyze its security in a formal way. We also discuss a generic construction with the existing authentication schemes.

A Novel Hybrid Algorithm Based on Word and Method Ranking for Password Security

  • Berker Tasoluk;Zuhal Tanrikulu
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.3
    • /
    • pp.161-168
    • /
    • 2023
  • It is a common practice to use a password in order to restrict access to information, or in a general sense, to assets. Right selection of the password is necessary for protecting the assets more effectively. Password finding/cracking try outs are performed for deciding which level of protection do used or prospective passwords offer, and password cracking algorithms are generated. These algorithms are becoming more intelligent and succeed in finding more number of passwords in less tries and in a shorter duration. In this study, the performances of possible password finding algorithms are measured, and a hybrid algorithm based on the performances of different password cracking algorithms is generated, and it is demonstrated that the performance of the hybrid algorithm is superior to the base algorithms.

Light-Weight Password-Based Authenticated Key Exchange for Two Users using Different Passwords (서로 다른 패스워드를 사용하는 두 사용자를 위한 경량 패스워드 기반 키 교환 프로토콜)

  • Kwon, Jeong-Ok;Kim, Ki-Tak;Jeong, Ik-Rae;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.5
    • /
    • pp.17-30
    • /
    • 2008
  • In the paper, we consider password-based authenticated key exchange with different passwords, where the users do not share a password between themselves, but only with the server. The users make a session key using their different passwords with the help of the server. We propose an efficient password-based authenticated key exchange protocol with different passwords which achieves forward secrecy without random oracles. In fact this amount of computation and the number of rounds are comparable to the most efficient password-based authenticated key exchange protocol in the random oracle model. The protocol requires a client only to memorize a human-memorable password, and all other information necessary to run the protocol is made public.

Practical Password-Authenticated Three-Party Key Exchange

  • Kwon, Jeong-Ok;Jeong, Ik-Rae;Lee, Dong-Hoon
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.2 no.6
    • /
    • pp.312-332
    • /
    • 2008
  • Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

On the Security of a New C2C-PAKA Protocol (새로운 C2C-PAKA 프로토콜의 안전성 연구)

  • Byun, Jin-Wook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.473-483
    • /
    • 2012
  • To achieve an entire end-to-end security, the classical authentication setting such that all participants have a same password is not practical since a password is not a common secret but a personal secret depending on an individual. Thus, an efficient client to client different password-based authenticated key agreement protocol (for short, EC2C-PAKA) has been suggested in the cross-realm setting. Very recently, however, a security weakness of the EC2C-PAKA protocol has been analyzed by Feng and Xu. They have claimed that the EC2C-PAKA protocol is insecure against a password impersonation attack. They also have presented an improved version of the EC2C-PAKA protocol. In this paper, we demonstrate that their claim on the insecurity of EC2C-PAKA protocol against a password impersonation attack is not valid. We show that the EC2C-PAKA protocol is still secure against the password impersonation attack. In addition, ironically, we show that the improved protocol by Feng and Xu is insecure against an impersonation attack such that a server holding password of Alice in realm A can impersonate Bob in realm B. We also discuss a countermeasure to prevent the attack.

Password-Based Key Exchange Protocols for Cross-Realm (Cross-Realm 환경에서 패스워드기반 키교환 프로토콜)

  • Lee, Young Sook
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.5 no.4
    • /
    • pp.139-150
    • /
    • 2009
  • Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

A Study of Interpretation Effect of Passwords to Password Generation (패스워드 표기 방식이 패스워드 생성에 미치는 영향)

  • Kim, Seung-Yeon;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1235-1243
    • /
    • 2015
  • The purpose of this study was to find if the password composition of domestic users is affected by the different form of the word 'Password' in the interface of login or password change. In particular, 'Password', foreign notation, and 'Secret Number', notation translated by Korean, have a semantic difference. According to the survey of 200 students in S university, passwords made under the word 'Secret Number' are heavy on numbers than alphabet. Because these passwords make much smaller composition space than another case, they have bad security impact. We expect to make use of this paper as a base line data for study to find how improve domestic user's password security.

Password-Authenticated Key Exchange between Clients with Different Passwords (서로 다른 패스워드를 가진 사용자간의 패스워드 인증 키 교환 프로토콜)

  • 변지욱;정익래;이동훈
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.1
    • /
    • pp.27-38
    • /
    • 2003
  • Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modem communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated ky exchange between clients based only on their two different Passwords without my Pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange(C2C-PAKE). Security notions and types of possible attacks are newly defined according to the new framework We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-sorrel setting.

Designing Password Input System Resistant on Shoulder Surfing Attack with Statistical Analysis (Shoulder Surfing 공격을 고려한 패스워드 입력 시스템 구현 및 통계적 검증)

  • Lim, Soo Min;Kim, Hyoung Joong;Kim, Seong Kee
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.49 no.9
    • /
    • pp.215-224
    • /
    • 2012
  • Using password on system is easy to build and shorten the access time to authorize user, which is high in use for vary system that requires users' authorization. Many input device are able to perform the password system easily, such as PC, smart-phone, tablet PC, etc. Beside the high usability of password, physical attack occurs when user put their password on the device, known as Shoulder Surfing attack. It used to be formed in numbers, characters or mix of different kinds, but new kind of password arose. Exploiting image or making scenarios are those kinds which are able to reflect users' intentions. Not many estimation exists for new password, so there's need to be standard for those new password for highlighting usability and accessability. In this paper, we propose password system with simple image and switching key-board to test statistical method to estimate usability on the password.

User Authentication System using Base Password and Member Registration Information (기본 패스워드와 회원 가입 정보를 이용한 사용자 인증 시스템)

  • Jeong, Jongmun;Hwang, Mintae
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.12
    • /
    • pp.2289-2296
    • /
    • 2016
  • The password rules to be applied for the user account creation are often different by websites. Thus we often forget the password to sign in website and it creates waste of time for frequent password reset. In order to solve this problem we propose a new authentication method in this paper. When user forget the password to sign in, the existing methods require a password reset step but our proposed method provides new sign in scheme through the additional authentication step with base password and personal information registered at the member sign up stage. From the result of performance comparison the proposed method is considered to be more efficient than others because it provides not only an equivalent level of security with others but also requires only a half of the number of transactions and the time required for password reset step.