Improved against off-line dictionary attack password change protocol

doi:10.3778/j.issn.1002-8331.2009.25.036

Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (25): 118-120.DOI: 10.3778/j.issn.1002-8331.2009.25.036

• 网络、通信、安全 • Previous Articles Next Articles

Improved against off-line dictionary attack password change protocol

LUO Xuan，CAO Tian-jie

School of Computer，Nanhu，China University of Mining and Technology，Xuzhou，Jiangsu 221116，China

Received:2009-04-27 Revised:2009-06-08 Online:2009-09-01 Published:2009-09-01
Contact: LUO Xuan

改进的抵抗离线字典攻击的口令更新协议

罗璇，曹天杰

中国矿业大学（南湖校区）计算机科学与技术学院，江苏徐州 221116

通讯作者: 罗璇

Abstract

Abstract: Password authentication is the simplest，most convenient and most widely used means of authentication.Recently，Tsaur and some others point out that the password change protocol which is presented by Chang presents the denial-of-service attacks and cannot provide backward secrecy.Then，they present an improved password change mechanism which is claimed to be secure.Their protocol is analysed to show that their improved password change mechanism fails to against the off-line dictionary attack and cannot provide backward secrecy and forward secrecy.Finally，an improved against off-line dictionary attack password change protocol is proposed，which can resist off-line dictionary attack and provide backward secrecy and forward secrecy.

Key words: authentication, password change, off-line dictionary attacks, forward secrecy, backward secrecy

摘要： 口令认证是最简单，方便和应用最广泛的一种用户认证方式。最近，Tsaur等人指出了Chang等人的口令更新协议存在拒绝服务攻击并且不能提供口令的后向安全。随后，他们给出了一种改进的口令更新协议，并声称该协议是安全的。文中，分析了Tsaur等人的口令更新协议，指出了其方案是易受离线字典攻击的，且不能提供口令的前向和后向安全性。最后，提出一种改进的口令更新协议，并分析其安全性。

关键词: 认证, 口令更新, 离线字典攻击, 前向安全, 后向安全

CLC Number:

TP393

TP309

LUO Xuan，CAO Tian-jie. Improved against off-line dictionary attack password change protocol[J]. Computer Engineering and Applications, 2009, 45(25): 118-120.

罗璇，曹天杰. 改进的抵抗离线字典攻击的口令更新协议[J]. 计算机工程与应用, 2009, 45(25): 118-120.

[1]	ZOU Jianwen, ZHAO Bo, LI Xiang, LIU Yifan, LI Jiayue. tPUF-Based Security Access Scheme for IoT Devices [J]. Computer Engineering and Applications, 2021, 57(2): 119-126.
[2]	CHEN Feihong, ZHANG Feng, CHEN Junning, WU Xiulong. Lightweight RFID Authentication Protocol Based on RRAM PUF [J]. Computer Engineering and Applications, 2021, 57(1): 141-149.
[3]	MEI Songqing, DENG Xiaoru. Ultra-Lightweight Mobile RFID Authentication Protocol for Bit Replacement Operations [J]. Computer Engineering and Applications, 2020, 56(3): 100-105.
[4]	XU Guoyu, XU Gang, JIANG Tao, HU Haitao. Research on Quantitative Analysis of Authentication Mechanism Performance for Space-Ground Integrated Information Network [J]. Computer Engineering and Applications, 2020, 56(21): 108-114.
[5]	MA Yuanyuan, LIU Zhoubin, WANG Zixiang. Research on Heterogeneous Terminal Security Access Technology in Edge Computing Scenario [J]. Computer Engineering and Applications, 2020, 56(17): 115-120.
[6]	LI Yanjun, WANG Shubei, YANG Xiaotong, CAO Yisen. Lightweight NFC Security Authentication Scheme Based on Mobile Terminal [J]. Computer Engineering and Applications, 2020, 56(16): 84-89.
[7]	DU Mengyao, WANG Zheng, LI Na, QIANG Yan. Dynamic Password Authentication Protocol for Wireless Body Area Network [J]. Computer Engineering and Applications, 2020, 56(14): 68-73.
[8]	LIU Liwei1, SUN Jianzhi1, TAN Li1, YANG Bin2. Research on Trusted Authentication Method of Network Device Based on IMC/IMV [J]. Computer Engineering and Applications, 2019, 55(9): 79-86.
[9]	ZHAN Shanhua1，2. Secure Bidirectional Authentication Protocol for RFID [J]. Computer Engineering and Applications, 2019, 55(5): 83-88.
[10]	YANG Minghui, ZOU Xiang. Evaluation of US Electronic Identity Guide [J]. Computer Engineering and Applications, 2019, 55(23): 22-28.
[11]	ZHAO Taifei, YIN Hang, ZHAO Siting. Anti-Desynchronization and Efficient RFID Mutual Authentication Protocol [J]. Computer Engineering and Applications, 2019, 55(12): 90-96.
[12]	LI Xiaowen, LI Yangyang, LEI Xiu. Research and Implementation of Authentication and Key Agreement Process in 5G Client [J]. Computer Engineering and Applications, 2019, 55(11): 35-39.
[13]	HUANG Guosheng1, 2, XIA Minghua2. USBKey aided certificateless mobile IP registration authentication protocol [J]. Computer Engineering and Applications, 2018, 54(9): 96-100.
[14]	XIAO Meihua, LI Wei, LI Yanan, MEI Yingtian. Security communication framework of DICOM protocol based on PACS cloud [J]. Computer Engineering and Applications, 2018, 54(7): 107-113.
[15]	XU Guoyu, MIAO Xuna, ZHANG Junfeng, JIANG Tao, MA Xiaofei. Review of implicit authentication for mobile devices [J]. Computer Engineering and Applications, 2018, 54(6): 19-25.

Improved against off-line dictionary attack password change protocol

改进的抵抗离线字典攻击的口令更新协议

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics