Affiliation:
1. University of Cambridge Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England
Abstract
It is well-known that, left to themselves, people will choose passwords that can be rather readily guessed. If this is done, they are usually vulnerable to an attack based on copying the content of messages forming part of an authentication protocol and experimenting, e.g. with a dictionary, offline. The most usual counter to this threat is to require people to use passwords which are obscure, or even to insist on the system choosing their passwords for them. In this paper we show alternatively how to construct an authentication protocol in which offline experimentation is impracticable; any attack based on experiment must involve the real authentication server and is thus open to detection by the server noticing multiple attempts.
Publisher
Association for Computing Machinery (ACM)
Reference
7 articles.
1. New Directions in Cryptography;Diffie W.;IEEE Transactions on Information Theory,1976
2. Password security
3. Using encryption for authentication in large networks of computers
Cited by
34 articles.
1. SoK;Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security;2022-05-30
2. Two-Round Password-Based Authenticated Key Exchange from Lattices;Wireless Communications and Mobile Computing;2020-12-14
3. Research on the Network Security Protocols Based on the Strand Spaces Theory;Applied Mechanics and Materials;2013-10
4. Efficient Two-Server Password-Only Authenticated Key Exchange;IEEE Transactions on Parallel and Distributed Systems;2013-09
5. Two-server password-only authenticated key exchange;Journal of Computer and System Sciences;2012-03