A practical password-based two-server authentication and key exchange system
Most password-based user authentication systems place total trust on the authentication server where cleartext passwords or easily derived password verification data are stored in a central database. Such systems are, thus, by no means resilient against offline dictionary attacks initiated at the se...
Main Authors: | YANG, Yanjiang; DENG, Robert H.; Bao, Feng |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2006 |
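Subjects: | Password system; password verification data (PVD); user authentication; key exchange; offline dictionary attack; Information Security |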
Online Access: | https://ink.library.smu.edu.sg/sis_research/1190 https://ink.library.smu.edu.sg/context/sis_research/article/2189/viewcontent/A_practical_password_based_two_server_authentication_and_key_exchange_system.pdf |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-2189 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-2189 2019-04-02T02:07:22Z A practical password-based two-server authentication and key exchange system YANG, Yanjiang DENG, Robert H. Bao, Feng Most password-based user authentication systems place total trust on the authentication server where cleartext passwords or easily derived password verification data are stored in a central database. Such systems are, thus, by no means resilient against offline dictionary attacks initiated at the server side. Compromise of the authentication server by either outsiders or insiders subjects all user passwords to exposure and may have serious legal and financial repercussions to an organization. Recently, several multiserver password systems were proposed to circumvent the single point of vulnerability inherent in the single-server architecture. However, these multiserver systems are difficult to deploy and operate in practice since either a user has to communicate simultaneously with multiple servers or the protocols are quite expensive. In this paper, we present a practical password-based user authentication and key exchange system employing a novel two-server architecture. Our system has a number of appealing features. In our system, only a front-end service server engages directly with users while a control server stays behind the scene; therefore, it can be directly applied to strengthen existing single-server password systems. In addition, the system is secure against offline dictionary attacks mounted by either of the two servers.
2006-04-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/1190 info:doi/10.1109/TDSC.2006.16 https://ink.library.smu.edu.sg/context/sis_research/article/2189/viewcontent/A_practical_password_based_two_server_authentication_and_key_exchange_system.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Password system password verification data (PVD) user authentication key exchange offline dictionary attack Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Password system password verification data (PVD) user authentication key exchange offline dictionary attack Information Security |
format |
text |
author |
YANG, Yanjiang DENG, Robert H. Bao, Feng |
title |
A practical password-based two-server authentication and key exchange system |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2006 |
_version_ |
1770570892692160512 |