Abstract | ||
---|---|---|
AbstractSmart-card-based password authentication scheme is one of the commonly used mechanisms to prevent unauthorized service and resource access and to remove the potential security threats over the insecure networks and has been investigated extensively in the last decade. Recently, Chen et al. proposed a smart-card-based password authentication scheme and claimed that the scheme can withstand offline password guessing attacks even if the information stored in the smart card is extracted by the adversary. However, we observe that the scheme of Chen et al. is insecure against offline password guessing attacks in this case. To remedy this security problem, we propose an improved authentication protocol, which inherits the merits of the scheme of Chen et al. and is free from the security flaw of their scheme. Compared with the previous schemes, our improved scheme provides more security guarantees while keeping efficiency. Copyright © 2013 John Wiley & Sons, Ltd. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1002/dac.2644 | Periodicals |
Keywords | Field | DocType |
remote access, mutual authentication, secure channel, password, smart card, offline password guessing attack | Zero-knowledge password proof,Password strength,Challenge–response authentication,Computer security,Computer science,Computer network,S/KEY,One-time password,Password policy,Password,Cognitive password | Journal |
Volume | Issue | ISSN |
28 | 2 | 1074-5351 |
Citations | PageRank | References |
24 | 0.64 | 14 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Qi Jiang | 1 | 254 | 10.02 |
Jianfeng Ma | 2 | 340 | 40.21 |
Guangsong Li | 3 | 294 | 11.49 |
Xinghua Li | 4 | 137 | 18.95 |