• 제목/요약/키워드: Password Based

Search Result 479, Processing Time 0.024 seconds

Security in the Password-based Identification

  • Park, Byung-Jun;Park, Jong-Min
    • Journal of information and communication convergence engineering
    • /
    • v.5 no.4
    • /
    • pp.346-350
    • /
    • 2007
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBSI(Password Based Secure Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBSI is also excellent in the aspect of the performance.

Human Memorable Password based Efficient and Secure Identification

  • Park Jong-Min
    • Journal of information and communication convergence engineering
    • /
    • v.3 no.4
    • /
    • pp.213-216
    • /
    • 2005
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBI(password Based Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBI is also excellent in the aspect of the performance.

Vulnerability of Two Password-based Key Exchange and Authentication Protocols against Off-line Password-Guessing Attacks (두 패스워드 기반 키 교환 및 인증 프로토콜들에 대한 오프라인 패스워드 추측 공격의 취약성 분석)

  • Shim, Kyung-Ah;Lee, Hyang-Sook;Lee, Ju-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.3-10
    • /
    • 2008
  • Since a number of password-based protocols are using human memorable passwords they are vulnerable to several kinds of password guessing attacks. In this paper, we show that two password-based key exchange and authentication protocols are insecure against off-line password-guessing attacks.

Password-based Authenticated Key Agreement Protocol Secure Against Advanced Modification Attack (Advanced Modification 공격에 안전한 패스워드 기반 키 동의 프로토콜)

  • Kwak, Jin;Oh, Soo-Hyun;Yang, Hyung-Kyu;Won, Dong-Ho
    • The KIPS Transactions:PartC
    • /
    • v.11C no.3
    • /
    • pp.277-286
    • /
    • 2004
  • Password-based mechanism is widely used methods for user authentication. Password-based mechanisms are using memorable passwords(weak ferrets), therefore Password-based mechanism are vulnerable to the password guessing attack. To overcome this problem, man password-based authenticated key exchange protocols have been proposed to resist password guessing attacks. Recently, Seo-Sweeny proposed password-based Simple Authenticated Key Agreement(SAKA) protocol. In this paper, first, we will examine the SAKA and authenticated key agreement protocols, and then we will show that the proposed simple authenticated key agreement protocols are still insecure against Advanced Modification Attack. And we propose a password-based Simple Authenticated Key Agreement Protocol secure against Advanced Modification Attack.

Multi-party Password-Authenticated Key Exchange Scheme with Privacy Preservation for Mobile Environment

  • Lu, Chung-Fu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.12
    • /
    • pp.5135-5149
    • /
    • 2015
  • Communications among multi-party must be fast, cost effective and secure. Today's computing environments such as internet conference, multi-user games and many more applications involve multi-party. All participants together establish a common session key to enable multi-party and secure exchange of messages. Multi-party password-based authenticated key exchange scheme allows users to communicate securely over an insecure network by using easy-to-remember password. Kwon et al. proposed a practical three-party password-based authenticated key exchange (3-PAKE) scheme to allow two users to establish a session key through a server without pre-sharing a password between users. However, Kwon et al.'s scheme cannot meet the security requirements of key authentication, key confirmation and anonymity. In this paper, we present a novel, simple and efficient multi-party password-based authenticated key exchange (M-PAKE) scheme based on the elliptic curve cryptography for mobile environment. Our proposed scheme only requires two round-messages. Furthermore, the proposed scheme not only satisfies security requirements for PAKE scheme but also achieves efficient computation and communication.

A Novel Hybrid Algorithm Based on Word and Method Ranking for Password Security

  • Berker Tasoluk;Zuhal Tanrikulu
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.3
    • /
    • pp.161-168
    • /
    • 2023
  • It is a common practice to use a password in order to restrict access to information, or in a general sense, to assets. Right selection of the password is necessary for protecting the assets more effectively. Password finding/cracking try outs are performed for deciding which level of protection do used or prospective passwords offer, and password cracking algorithms are generated. These algorithms are becoming more intelligent and succeed in finding more number of passwords in less tries and in a shorter duration. In this study, the performances of possible password finding algorithms are measured, and a hybrid algorithm based on the performances of different password cracking algorithms is generated, and it is demonstrated that the performance of the hybrid algorithm is superior to the base algorithms.

A study on User Authentication Technology of Numeric based Pattern Password (숫자기반의 패턴 형식 패스워드 사용자인증 기술)

  • Ju, Seung-Hwan;Seo, Hee-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.9
    • /
    • pp.65-73
    • /
    • 2012
  • The traditional text-based password is vulnerable guessing, dictionary attacks, keyloggers, social engineering, stole view, etc. these vulnerability effect more serious problem in a mobile environment. In this study, By using the pattern number to enter the password of an existing four-digit numeric password, User easily use to new password system. The technology on pattern based numerical password authorization proposed in this paper would intensify the security of password which holds existing 10 numbers of cases by authorizing a user and would not invade convenience of use by providing high security and making users memorize only four numbers like old method. Making users not have inconvenience and raising complexity, it would have a strength to an shoulder surfing attack of an attacker. So I study password system that represents the shape-based of number. I propose the new password system to prevent peeking attacks and Brute-force attack, and this proposal is to review the security and usability.

Improved Password Change Protocol Using One-way Function (일방향 함수를 이용한 개선된 패스월드 변경 프로토콜)

  • Jeon Il-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.2
    • /
    • pp.121-127
    • /
    • 2006
  • Recently, Chang et at.$^[9]$ proposed a new password-based key agreement protocol and a password change protocol to improve the efficiency in the password-based authenticated key agreement protocol proposed by Yeh et at.$^[8]$. However, Wang et al.$^[10]$ showed that their protected password change protocol is not secure under the denial of service attack and the dictionary attack This paper proposes an improved password change protocol to solve this problems in the Chang et al's protocol. In the proposed protocol, the format of communication messages is modified not to have any clue for the guessing of the password and verifying of the guessed password. The proposed protocol supports the advantages in the previous password-based protocols and solves the problems in them effectively.

Smart Card Based Password Authentication Scheme using Fuzzy Extraction Technology (퍼지추출 기술을 활용한 스마트 카드 기반 패스워드 인증 스킴)

  • Choi, Younsung
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.4
    • /
    • pp.125-134
    • /
    • 2018
  • Lamport firstly suggested password base authentication scheme and then, similar authentication schemes have been studied. Due to the development of Internet network technology, remote user authentication using smart card has been studied. Li et al. analyzed authentication scheme of Chen et al. and then, Li et al. found out the security weakness of Chen et al.'s scheme such forward secrecy and the wrong password login problem, and proposed an a new smart card based user password authentication scheme. But Liu et al. found out that Li et al.'s scheme still had security problems such an insider attack and man-in-the-middle attack and then Liu et al. proposed an efficient and secure smart card based password authentication scheme. This paper analyzed Liu et al.'s authentication and found out that Liu et al.'s authentication has security weakness such as no perfect forward secrecy, off-line password guessing attack, smart-card loss attack, and no anonymity. And then, this paper proposed security enhanced efficient smart card based password authentication scheme using fuzzy extraction technology.

Development Status and Prospects of Graphical Password Authentication System in Korea

  • Yang, Gi-Chul
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.11
    • /
    • pp.5755-5772
    • /
    • 2019
  • Security is becoming more important as society changes rapidly. In addition, today's ICT environment demands changes in existing security technologies. As a result, password authentication methods are also changing. The authentication method most often used for security is password authentication. The most-commonly used passwords are text-based. Security enhancement requires longer and more complex passwords, but long, complex, text-based passwords are hard to remember and inconvenient to use. Therefore, authentication techniques that can replace text-based passwords are required today. Graphical passwords are more difficult to steal than text-based passwords and are easier for users to remember. In recent years, researches into graphical passwords that can replace existing text-based passwords are being actively conducting in various places throughout the world. This article surveys recent research and development directions of graphical password authentication systems in Korea. For this purpose, security authentication methods using graphical passwords are categorized into technical groups and the research associated with graphical passwords performed in Korea is explored. In addition, the advantages and disadvantages of all investigated graphical password authentication methods were analyzed along with their characteristics.