Jia-Ning Luo, Shiuhpyng Shieh+ and Ji-Chiang Shen+
Department of Information and Telecommunication
Ming Chuan University
Taoyuan, 333 Taiwan
E-mail: deer@mcu.edu.tw
+Department of Computer Science and Information Engineering
National Chiao Tung University
Hsinchu, 300 Taiwan
E-mail: ssp@csie.nctu.edu.tw
Users are normally authenticated via their passwords in computer systems. Since
people tend to choose passwords that can be easily remembered, the systems are under
the threat of guessing attacks. Many authentication and key distribution protocols have
been proposed to protect user passwords from guessing attacks. However, these protocols
either are limited to some specific environments or incur high computation and
communication costs. In this paper, we first specify five common forms of guessing attacks,
which are used to determine whether a protocol is vulnerable to those attacks.
Based on these common forms, some guidelines are provided for developing secure protocols
that can be used in both symmetric and asymmetric cryptosystems to defend
against guessing attacks. Finally, we enhance the well-known authentication system Kerberos
and propose two authentication and key distribution protocols, which are both resistant
to guessing attacks.
Received April 16, 2004; revised August 9, 2004 & February 17, 2005; accepted May 30, 2005.
Communicated by Ja-Ling Wu.
*This work was supported by III and National Science Council of Taiwan, R.O.C., under grant No.
___________________.