Defining Limits of Resistance to Off-Line Password Guessing Attack and Denial-of-Service Attack in Multi-server Authentication Schemes

2017 ◽  
pp. 251-256
Author(s):  
ChangYu Zhu ◽  
Hong Wang
Keyword(s):  
Denial Of Service ◽  
Denial Of Service Attack ◽  
Password Guessing Attack ◽  
Service Attack ◽  
Authentication Schemes ◽  
Guessing Attack ◽  
Multi Server

scholarly journals Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography

2014 ◽  
Vol 2014 ◽  
pp. 1-11 ◽  
Author(s):  
Lili Wang
Keyword(s):  
Denial Of Service ◽  
Impersonation Attack ◽  
Password Authentication ◽  
Denial Of Service Attack ◽  
Password Guessing Attack ◽  
Insider Attack ◽  
Service Attack ◽  
Low Performance ◽  
Guessing Attack ◽  
Stolen Verifier Attack

Recently, a password authentication and update scheme has been presented by Islam and Biswas to remove the security weaknesses in Lin and Huang’s scheme. Unfortunately, He et al., Wang et al., and Li have found out that Islam and Biswas’ improvement was vulnerable to offline password guessing attack, stolen verifier attack, privilege insider attack, and denial of service attack. In this paper, we further analyze Islam and Biswas’ scheme and demonstrate that their scheme cannot resist password compromise impersonation attack. In order to remedy the weaknesses mentioned above, we propose an improved anonymous remote authentication scheme using smart card without using bilinear paring computation. In addition, the verifier tables are no longer existent, and the privacy of users could be protected better. Furthermore, our proposal not only inherits the advantages in Islam and Biswas’ scheme, but also provides more features, including preserving user anonymity, supporting offline password change, revocation, reregistration with the same identifier, and system update. Finally, we compare our enhancement with related works to illustrate that the improvement is more secure and robust, while maintaining low performance cost.

Analysis of the Dynamic ID-Based Remote User Authentication Schemes Using Smart Card for Multi-Server Environments

2014 ◽  
Vol 543-547 ◽  
pp. 3343-3347
Author(s):  
Xue Lei Li ◽  
Qiao Yan Wen ◽  
Wen Min Li ◽  
Hua Zhang ◽  
Zheng Ping Jin
Keyword(s):  
Smart Card ◽  
User Authentication ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
Diffie Hellman ◽  
Dynamic Id ◽  
Authentication Schemes ◽  
Guessing Attack ◽  
Multi Server ◽  
Remote User

In this paper, we analyze and point out several weaknesses in the dynamic ID-based remote user authentication schemes using smart card for multi-server environments, and present the countermeasures to enhance the security of the schemes. Taking Li et al.'s scheme for instance, we demonstrate that their scheme does not provide forward secrecy and key privacy for the session keys, and cannot resist offline password guessing attack. Furthermore, the reasons of these security weaknesses are analyzed through extending the attacks to its predecessors. Finally, the improved ideas of local verification and authenticated Diffie-Hellman key agreement are presented to overcome the weaknesses mentioned above.

Low rate TCP denial-of-service attack detection at edge routers

2005 ◽  
Vol 9 (4) ◽  
pp. 363-365 ◽  
Author(s):  
A. Shevtekar ◽  
K. Anantharam ◽  
N. Ansari
Keyword(s):  
Denial Of Service ◽  
Attack Detection ◽  
Denial Of Service Attack ◽  
Service Attack ◽  
Low Rate
Sign in / Sign up

Export Citation Format

Share Document