An improvement Password-based Authentication Protocol using Smart Card
To access resources from a remote system, the user authentication is a very important security mechanism. Among remote authentication protocol, password-based authenticated key exchange protocol is most popular since the two communication entities can establish a session key, which is used to protect their later communication over insecure networks, by only sharing a human-memorable password. Recently, Xu Zhu proposed improved password-based protocol using smart card based on previous research. He claimed that his protocol is secure against various attacks. However, Song points out that the Xu Zhus protocol suffers from attacks. In addition, Song gives an improved version of Xu Zhu. In this paper, we found that Songs protocol also is insecure and it is vulnerable to off-line dictionary attack. Later, we extend Songs protocol so that the extended protocol can resist to offline dictionary attack even if an adversary captures the smart card.
Offline dictionary attack Password Protocol Smart card
Liu Hui
School of Science Jiangxi University of Science and Technology Ganzhou, Jiangxi 341000, China
国际会议
2010 International Conference on Measurement and Control Engineering(2010年IEEE测量与控制工程国际会议 ICMCE2010)
成都
英文
741-743
2010-11-16(万方平台首次上网日期,不代表论文的发表时间)