Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards

Wang, Ding; Wang, Ping

doi:10.1007/978-3-319-27659-5_16

Cited by 64 publications

(41 citation statements)

References 50 publications

(98 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wang, Ma, P. Wang, & Chen, 2012;D. Wang, Ma, & P. Wang, 2012b;D. Wang & P. Wang, 2013;Y, Wang, 2012)also presented the confidence of two authentication protocols of Leu and Hsieh (Hsieh & Leu, 2012) and found that their scheme is defenseless to the offline dictionary.…”

Section: Related Workmentioning

confidence: 99%

“…Wang, Ma, P. Wang, & Chen, 2012;D. Wang, Ma, & P. Wang, 2012b;D. Wang & P. Wang, 2013;Y, Wang, 2012) present a remarkable learning to examine the trust among smart cards and terminal; that is, whenever an attacker gets a lost smart card, the chance of user's information is being compromised at any stage and at level.…”

Section: Related Workmentioning

confidence: 99%

“…Wang, Ma, P. Wang, & Chen, 2012;D. Wang, Ma, & P. Wang, 2012b;D. Wang & P. Wang, 2013;Y, Wang, 2012): (a) a private key based schemes are secure against the type I and II attackers, but not against a type III attacker; (b) a public key schemes are secure against type I, II and III attackers; (c) a public key HMQV-based schemes are secure against type I and II attackers, but not against the type III attacker; and (d) a public key based PSCAV-based schemes are secure against type I, II and III attackers.…”

Section: Related Workmentioning

confidence: 99%

“…Wang, Ma, P. Wang, & Chen, 2012;D. Wang, Ma, & P. Wang, 2012b;D. Wang & P. Wang, 2013;Y, Wang, 2012) found that PSCAb has many practical drawbacks, and PSCAV is defenseless in the type III attacker.…”

Section: Related Workmentioning

confidence: 99%

“…They also presented the characteristics of offline request submitter's password change facility and strong resistance to stolen or loss smart card attack which are hard to realize simultaneously. Later, in (D. Wang & P. Wang, 2013) they investigated all the weaknesses among system efficiency and user anonymity and scrutinized a significant result: a public key infrastructure (PKI) technique is essentially crucial for a two-factor authentication scheme with user anonymity. But they used cryptographic method for their schemes.…”

Section: Related Workmentioning

confidence: 99%

See 4 more Smart Citations

A Robust Authentication Scheme for Client-Server Architecture With Provable Security Analysis

Jan¹,

Qayum²

2018

NCT

View full text Add to dashboard Cite

Client-server computing is the analytical development of compatible programming with significant supposition and the detachment of a massive program into its fundamental parts ("modules"), which can create the chance for extra enhancement, inconsiderable improvement, and prominent maintainability. In client-server computing, total extensive modules don't need to be accomplished within the similar memory space totally but can execute independently on a suitable hardware and software platform according to their behavior. The user authentication is the dominant constraint for client-server computing that limits the illegitimate right of entry into the main workstation. This research is mainly focused on the design of a robust authentication scheme for client-server architecture computing. It carries some additional features like security, virtualization, user's programs security, individuality supervision, integrity, control access to server and authentication. The proposed background also delivers the characteristic supervision, mutual authentication, and establishment of secure session key among users and the remote server.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

A Robust Authentication Scheme for Client-Server Architecture With Provable Security Analysis

Jan¹,

Qayum²

2018

NCT

View full text Add to dashboard Cite

show abstract

S3BD: Secure semantic search over encrypted big data in the cloud

Woodworth

Salehi²

2018

Concurrency and Computation

View full text Add to dashboard Cite

Summary Cloud storage is a widely utilized service for both personal and enterprise demands. However, despite its advantages, many potential users with enormous amounts of sensitive data (big data) refrain from fully utilizing the cloud storage service due to valid concerns about data privacy. An established solution to the cloud data privacy problem is to perform encryption on the client‐end. This approach, however, restricts data processing capabilities (eg, searching over the data). Accordingly, the research problem we investigate is how to enable real‐time searching over the encrypted big data in the cloud. In particular, semantic search is of interest to clients dealing with big data. To address this problem, in this research, we develop a system (termed S3BD) for searching big data using cloud services without exposing any data to cloud providers. To keep real‐time response on big data, S3BD proactively prunes the search space to a subset of the whole dataset. For that purpose, we propose a method to cluster the encrypted data. An abstract of each cluster is maintained on the client‐end to navigate the search operation to appropriate clusters at the search time. Results of experiments, carried out on real‐world big datasets, demonstrate that the search operation can be achieved in real‐time and is significantly more efficient than other counterparts. In addition, a fully functional prototype of S3BD is made publicly available.

show abstract

An efficient two‐party authentication key exchange protocol for mobile environment

Chen

2017

Int J Communication

View full text Add to dashboard Cite

The primary goal of this research is to ensure secure communications by clientserver architectures in mobile environment. Although various two-party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two-party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three-way challenged-response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.

show abstract

Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards

Cited by 64 publications

References 50 publications

A Robust Authentication Scheme for Client-Server Architecture With Provable Security Analysis

A Robust Authentication Scheme for Client-Server Architecture With Provable Security Analysis

S3BD: Secure semantic search over encrypted big data in the cloud

An efficient two‐party authentication key exchange protocol for mobile environment

Contact Info

Product

Resources

About