• Title/Summary/Keyword: dictionary attacks

Search Result 36, Processing Time 0.029 seconds

Human Memorable Password based Efficient and Secure Identification

  • Park Jong-Min
    • Journal of information and communication convergence engineering
    • /
    • v.3 no.4
    • /
    • pp.213-216
    • /
    • 2005
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBI(password Based Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBI is also excellent in the aspect of the performance.

Dictionary Attack on Huang-Wei's Key Exchange and Authentication Scheme (Huang-Wei의 키 교환 및 인증 방식에 대한 사전공격)

  • Kim, Mi-Jin;Nam, Jung-Hyun;Won, Dong-Ho
    • Journal of Internet Computing and Services
    • /
    • v.9 no.2
    • /
    • pp.83-88
    • /
    • 2008
  • Session initiation protocol (SIP) is an application-layer prolocol to initiate and control multimedia client session. When client ask to use a SIP service, they need to be authenticated in order to get service from the server. Authentication in a SIP application is the process in which a client agent present credentials to another SIP element to establish a session or be granted access to the network service. In 2005, Yang et al. proposed a key exchange and authentication scheme for use in SIP applications, which is based on the Diffie-Hellman protocol. But, Yang et al.'s scheme is not suitable for the hardware-limited client and severs, since it requires the protocol participant to perform significant amount of computations (i.e., four modular exponentiations). Based on this observation. Huang and Wei have recently proposed a new efficient key exchange and authentication scheme thor improves on Yang et al.'s scheme. As for security, Huang and Wei claimed, among others, that their scheme is resistant to offline dictionary attacks. However, the claim turned out to be untrue. In this paper, we show thor Huang and Wei's key exchange and authentication scheme is vulnerable to on offline dictionary attack and forward secrecy.

  • PDF

Dictionary attack of remote user authentication scheme using side channel analysis (부채널 분석을 이용한 원거리 사용자 인증 기법의 사전공격)

  • Kim, Yong-Hun;Youn, Taek-Young;Park, Young-Ho;Hong, Seok-Hee
    • Journal of Broadcast Engineering
    • /
    • v.13 no.1
    • /
    • pp.62-68
    • /
    • 2008
  • Remote user authentication scheme is a cryptographic tool which permits a server to identify a remote user. In 2007, Wang et al. pointed out that Ku's remote user authentication scheme is vulnerable to a dictionary attack by obtaining some secret information in a smart card using side channel attacks. They also proposed a remote user authentication scheme which is secure against dictionary attack. In this paper, we analyze the protocol proposed by Wang et al. In the paper, it is claimed that the protocol is secure even though some values, which is stored in a smart card, are revealed to an adversary, However, we show that their protocol is insecure if the values are disclosed to an adversary.

Practical Password-Authenticated Three-Party Key Exchange

  • Kwon, Jeong-Ok;Jeong, Ik-Rae;Lee, Dong-Hoon
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.2 no.6
    • /
    • pp.312-332
    • /
    • 2008
  • Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

A password-based mutual authentication and key-agreement protocol (패스워드 기반의 상호 인증 및 키 교환 프로토콜)

  • 박호상;정수환
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.5
    • /
    • pp.37-43
    • /
    • 2002
  • This paper proposes a password-based mutual authentication and key agreement protocol, which is designed by applying ECDSA and ECDH. The proposed protocol, AKE-ECC, computes 2 times of point multiplication over ECC on each of client and server, and generates the key pairs(public key. private key) and a common session key using ECDH that is different compare to previously proposed protocol. It is against common attacks include a dictionary attack and the security of proposed protocol is based on the ECDLP, ECDH.

Hardware Crypto-Core Based Authentication System (하드웨어 암호코어 기반 인증 시스템)

  • Yoo, Sang-Guun;Park, Keun-Young;Kim, Tae-Jun;Kim, Ju-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.46 no.1
    • /
    • pp.121-132
    • /
    • 2009
  • Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption (속성 기반 암호화 방식을 이용한 다중 서버 패스워드 인증 키 교환)

  • Park, Minkyung;Cho, Eunsang;Kwon, Ted Taekyoung
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.40 no.8
    • /
    • pp.1597-1605
    • /
    • 2015
  • Password authenticated key exchange (PAKE) is a protocol that a client stores its password to a server, authenticates itself using its password and shares a session key with the server. In multi-server PAKE, a client splits its password and stores them to several servers separately. Unless all the servers are compromised, client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and then a receiver decrypts it using the same set of attributes. In this paper, we introduce multi-server PAKE protocol that utilizes a set of attributes of ABE as a client's password. In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove our system is secure in a proposed threat model. Finally we show feasibility through evaluating the execution time of the protocol.

Verifier-Based Multi-Party Password-Authenticated Key Exchange for Secure Content Transmission (그룹 사용자간 안전한 콘텐츠 전송을 위한 검증자를 이용한 패스워드 기반 다자간 키 교환 프로토콜)

  • Kwon, Jeong-Ok;Jeong, Ik-Rae;Choi, Jae-Tark;Lee, Dong-Hoon
    • Journal of Broadcast Engineering
    • /
    • v.13 no.2
    • /
    • pp.251-260
    • /
    • 2008
  • In this paper, we present two verifier-based multi-party PAKE (password-authenticated key exchange) protocols. The shared key can be used for secure content transmission. The suggested protocols are secure against server compromise attacks. Our first protocol is designed to provide forward secrecy and security against known-key attacks. The second protocol is designed to additionally provide key secrecy against the server which means that even the server can not know the session keys of the users of a group. The suggested protocols have a constant number of rounds are provably secure in the standard model. To the best of our knowledge, the proposed protocols are the first secure multi-party PAKE protocols against server compromise attacks in the literature.

Deduplication Technologies over Encrypted Data (암호데이터 중복처리 기술)

  • Kim, Keonwoo;Chang, Ku-Young;Kim, Ik-Kyun
    • Electronics and Telecommunications Trends
    • /
    • v.33 no.1
    • /
    • pp.68-77
    • /
    • 2018
  • Data deduplication is a common used technology in backup systems and cloud storage to reduce storage costs and network traffic. To preserve data privacy from servers or malicious attackers, there has been a growing demand in recent years for individuals and companies to encrypt data and store encrypted data on a server. In this study, we introduce two cryptographic primitives, Convergent Encryption and Message-Locked Encryption, which enable deduplication of encrypted data between clients and a storage server. We analyze the security of these schemes in terms of dictionary and poison attacks. In addition, we introduce deduplication systems that can be implemented in real cloud storage, which is a practical application environment, and describes the proof of ownership on client-side deduplication.

A Novel Hybrid Algorithm Based on Word and Method Ranking for Password Security

  • Berker Tasoluk;Zuhal Tanrikulu
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.3
    • /
    • pp.161-168
    • /
    • 2023
  • It is a common practice to use a password in order to restrict access to information, or in a general sense, to assets. Right selection of the password is necessary for protecting the assets more effectively. Password finding/cracking try outs are performed for deciding which level of protection do used or prospective passwords offer, and password cracking algorithms are generated. These algorithms are becoming more intelligent and succeed in finding more number of passwords in less tries and in a shorter duration. In this study, the performances of possible password finding algorithms are measured, and a hybrid algorithm based on the performances of different password cracking algorithms is generated, and it is demonstrated that the performance of the hybrid algorithm is superior to the base algorithms.