• Title/Summary/Keyword: password guessing attack

Search Result 71, Processing Time 0.024 seconds

An Improved Two-Factor Mutual Authentication Scheme with Key Agreement in Wireless Sensor Networks

  • Li, Jiping;Ding, Yaoming;Xiong, Zenggang;Liu, Shouyin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.11
    • /
    • pp.5556-5573
    • /
    • 2017
  • As a main component of Internet of Things (IoTs), the wireless sensor networks (WSNs) have been widely applied to various areas, including environment monitoring, health monitoring of human body, farming, commercial manufacture, reconnaissance mission in military, and calamity alert etc. Meanwhile, the privacy concerns also arise when the users are required to get the real-time data from the sensor nodes directly. To solve this problem, several user authentication and key agreement schemes with a smart card and a password have been proposed in the past years. However, these schemes are vulnerable to some attacks such as offline password guessing attack, user impersonation attack by using attacker's own smart card, sensor node impersonation attack and gateway node bypassing attack. In this paper, we propose an improved scheme which can resist a wide variety of attacks in WSNs. Cryptanalysis and performance analysis show that our scheme can solve the weaknesses of previously proposed schemes and enhance security requirements while maintaining low computational cost.

Weaknesses of the new design of wearable token system proposed by Sun et al. (Sun 등이 제안한 착용 가능한 토큰 시스템의 취약점 분석에 관한 연구)

  • Kim, Jung-Yoon;Choi, Hyoung-Kee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.5
    • /
    • pp.81-88
    • /
    • 2010
  • Sun et al. proposed a new design of wearable token system for security of mobile devices, such as a notebook and PDA. In this paper, we show that Sun et al.'s system is vulnerable to off-line password guessing attack and man in the middle attack based on known plain-text attack. We propose an improved scheme which overcomes the weaknesses of Sun et al.'s system. The proposed protocol requires to perform one modular multiplication in the wearable token, which has low computation ability, and modular exponentiation in the mobile devices, which have sufficient computing resources. Our protocol has no security problem, which threatens Sun's system, and known vulnerabilities. That is, the proposed protocol overcomes the security problems of Sun's system with minimal overheads.

Analysis on Security Vulnerabilities of a Biometric-based User Authentication Scheme for Wireless Sensor Networks (무선 센서 네트워크를 위한 생체 정보 기반 사용자 인증 스킴의 보안 취약점 분석)

  • Joo, Young-Do
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.14 no.1
    • /
    • pp.147-153
    • /
    • 2014
  • The numerous improved schemes of remote user authentication based on password have been proposed in order to overcome the security weakness in user authentication process. Recently, some of biometric-based user authentication schemes to use personal biometric information have been introduced and they have shown the relatively higher security and the enhanced convenience as compared to traditional password-based schemes. These days wireless sensor network is a fundamental technology in face of the ubiquitous era. The wireless sensor networks to collect and process the data from sensor nodes in increasing high-tech applications require important security issues to prevent the data access from the unauthorized person. Accordingly, the research to apply to the user authentication to the wireless sensor networks has been under the progress. In 2010, Yuan et al. proposed a biometric-based user authentication scheme to be applicable for wireless sensor networks. Yuan et al. claimed that their scheme is effectively secure against the various security flaws including the stolen verifier attack. In this paper, author will prove that Yuan et al.'s scheme is still vulnerable to the password guessing attack, user impersonation attack and the replay attack, by analyzing their security weakness.

Simple and Efficient Authenticated Key Agreement Protocol (간단하고 효율적인 상호 인증 키 동의 프로토콜)

  • 이성운;유기영
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.5
    • /
    • pp.105-112
    • /
    • 2003
  • In this raper, we propose two simple and efficient key agreement protocols, called SEKA-H and SEKA-E, which use a pre-shared password between two parties for mutual authentication and agreeing a common session key. The SEKA-H protocol uses a hash function to verify an agreed session key. The SEKA-E Protocol, a variant of SEKA-H, uses an exponentiation operation in the verification phase. They are secure against the man-in-the-middle attack the password guessing attack and the Denning-Sacco attack and provide the perfect forward secrecy. The SEKA-H protocol is very simple in structure and provides good efficiency compared with other well-known protocols. The SEKA-E protocol is also comparable with the previous protocols.

A study on User Authentication Technology of Numeric based Pattern Password (숫자기반의 패턴 형식 패스워드 사용자인증 기술)

  • Ju, Seung-Hwan;Seo, Hee-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.9
    • /
    • pp.65-73
    • /
    • 2012
  • The traditional text-based password is vulnerable guessing, dictionary attacks, keyloggers, social engineering, stole view, etc. these vulnerability effect more serious problem in a mobile environment. In this study, By using the pattern number to enter the password of an existing four-digit numeric password, User easily use to new password system. The technology on pattern based numerical password authorization proposed in this paper would intensify the security of password which holds existing 10 numbers of cases by authorizing a user and would not invade convenience of use by providing high security and making users memorize only four numbers like old method. Making users not have inconvenience and raising complexity, it would have a strength to an shoulder surfing attack of an attacker. So I study password system that represents the shape-based of number. I propose the new password system to prevent peeking attacks and Brute-force attack, and this proposal is to review the security and usability.

An ID-Based Remote User Authentication Scheme in IoT (사물인터넷에서 ID기반 원격 사용자 인증 방식)

  • Park, KiSung;Lee, SungYup;Park, YoHan;Park, YoungHo
    • Journal of Korea Multimedia Society
    • /
    • v.18 no.12
    • /
    • pp.1483-1491
    • /
    • 2015
  • Applications of Internet of Things (IoT) supply various conveniences, however unsolved security problems such as personal privacy, data manipulation cause harm to persons, even nations and an limit the applicable areas of Internet of IoT technology. Therefore, study about secure and efficient security system on IoT are required. This paper proposes ID-based remote user authentication scheme in IoT environments. Proposed scheme provides untraceability of users by using different pseudonym identities in every session and reduces the number of variables. Our proposal is secure against inside attack, smart card loss attack, user impersonation attack, server masquerading attack, online/offline password guessing attack, and so on. Therefore, this can be applied to the lightweight IoT environments.

Three-Party Authenticated Key Exchange Protocol using Smartcards (스마트카드를 이용한 3자 참여 인증된 키교환 프로토콜)

  • Jeon, Il-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.6
    • /
    • pp.73-80
    • /
    • 2006
  • Recently, Sun et el. proposed a three-party authenticated key exchange protocol using the public key of the server and the derived verifier from the Password of a user. This paper proposes a password-based three-party authenticated key exchange protocol using smartcards. Since the proposed protocol has very low computation cost by using XOR and hash function operation instead of the public key operation, and reduces the count of message transmission to 20% compared with the protocol of Sun et el., it can execute an effective authenticated key exchange. Furthermore, the proposed protocol is safe from password guessing attack by not saving passwords in the server, and it is also safe from server compromise attack because the server cannot know the shared session key between the two users.

Authenticated Key Exchange Protocol against Off-line Password Guessing Attack (오프라인 패스워드 추측 공격에 강한 키 교환 프로토콜)

  • 김우헌;김현성;이성운;유기영
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2002.10c
    • /
    • pp.445-447
    • /
    • 2002
  • Lin 등이 제안한 키 교환 프로토콜 및 SAKA 변형 키 교환 프로토콜은 오프라인 패스워드 추측 공격에 대응하지 못했다. 본 논문에서는 기존의 SAKA 변형 키 교환 프로토콜의 취약점을 해결하기 위한 새로운 키 교환 프로토콜을 제안한다. 제안한 프로토콜은 키 검증단계에서 일방향 해쉬 함수를 이용함으로서 기존 프로토콜의 문제점들을 해결하였다. 본 논문에서 제안한 프로토콜은 키 교환 프로토콜에서 요구되는 재전송 공격과 오프라인 패스워드 추측 공격에 강한 특징을 갖고 완전한 전방향 보안(perfect forward secrecy)을 제공한다.

  • PDF

Hidden Indicator Based PIN-Entry Method Using Audio Signals

  • Seo, Hwajeong;Kim, Howon
    • Journal of information and communication convergence engineering
    • /
    • v.15 no.2
    • /
    • pp.91-96
    • /
    • 2017
  • PIN-entry interfaces have high risks to leak secret values if the malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make the PIN-entry secure, many studies have considered invisible radio channels as a secure medium to deliver private information. However, the methods are also vulnerable if the malicious adversaries find a hint of secret values from user's $na{\ddot{i}}ve$ gestures. In this paper, we revisit the state-of-art radio channel based bimodal PIN-entry method and analyze the information leakage from the previous method by exploiting the sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexities by 93.8% after post-processing. To keep the security level strong, we introduce the advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel and the smartphone screen only displays the multiple indicator options without corresponding numbers. Afterwards, the users select the target value by following the circular layout. The method completely hides the password and is secure against the advanced shoulder-surfing attacks.

Security Improvements on Smart-Card Based Mutual Authentication Scheme (스마트카드 기반 상호인증 스킴의 보안성 개선)

  • Joo, Young-Do
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.12 no.6
    • /
    • pp.91-98
    • /
    • 2012
  • Password-based authentication schemes have been widely adopted in order to protect resources from unauthorized access. In 2008, Liu et al. proposed a new mutual authentication scheme using smart cards which can withstand the forged attack. In this paper, author has proven that Liu et al.'s scheme is still vulnerable to the various attacks by analyzing the security of their scheme. This paper introduces an enhanced scheme to overcome these security weakness and to provide mutual authentication between the user and the server, even if the secrete information stored in the smart card is revealed by an attacker. The comparative result from the security analysis demonstrates that the proposed scheme is more secure against the possible attacks than Liu et al.'s scheme.