Secure Password Based Authentication Protocol to Thwart Online Dictionary Attacks | NCCU Academic Hub

學術產出-Journal Articles

Article View/Open

pdf(379)

Publication Export

Google Scholar^TM

政大圖書館

學術資源探索系統

Citation Infomation

No doi shows Citation Infomation

Simple Record
Full Record

題名	Secure Password Based Authentication Protocol to Thwart Online Dictionary Attacks
作者	Sood, Sandeep K.
關鍵詞	Hyper Text Transfer Protocol;Cookies;Password;Secure Socket Layer;Online Dictionary Attacks
日期	2011-03
上傳時間	16-Aug-2016 15:45:34 (UTC+8)
摘要	Password is the most universally used authentication technique to authenticate the users on the web. Password based authentication protocols are vulnerable to dictionary attacks by means of automated programs because most of the user chosen passwords are limited to the user’s personal domain. In this paper, we propose a secure password based authentication protocol in which the computation efforts required from the attacker during login on to the web server increases with each login failure. The web server stores the cookie on the client`s computer if the legitimate client authenticates itself to the web server. There after, the legitimate client can easily authenticate itself to the web server from a computer that contains cookie. However, the legitimate client or the attacker has to put up some additional computational efforts during login from a computer that does not contain cookie. The client generated dynamic authentication information is different for the same user in different sessions of Secure Socket Layer (SSL) protocol. The concept used in this paper is to combine traditional password authentication with a challenge that is easy to answer by the legitimate client and the computational cost of authentication increases for an attacker with each login failure. Therefore, even the automated programs can not launch online dictionary attacks on the proposed protocol. This protocol provides better protection against different types of attacks launched by the attacker. The proposed protocol is easy to implement and it removes the some of the deficiencies of previously suggested password based authentication protocols.
關聯	資管評論, 16(2), 93-110 MIS review
資料類型	article

dc.creator (作者)	Sood, Sandeep K.
dc.date (日期)	2011-03
dc.date.accessioned	16-Aug-2016 15:45:34 (UTC+8)	-
dc.date.available	16-Aug-2016 15:45:34 (UTC+8)	-
dc.date.issued (上傳時間)	16-Aug-2016 15:45:34 (UTC+8)	-
dc.identifier.uri (URI)	http://nccur.lib.nccu.edu.tw/handle/140.119/100290	-
dc.description.abstract (摘要)	Password is the most universally used authentication technique to authenticate the users on the web. Password based authentication protocols are vulnerable to dictionary attacks by means of automated programs because most of the user chosen passwords are limited to the user’s personal domain. In this paper, we propose a secure password based authentication protocol in which the computation efforts required from the attacker during login on to the web server increases with each login failure. The web server stores the cookie on the client`s computer if the legitimate client authenticates itself to the web server. There after, the legitimate client can easily authenticate itself to the web server from a computer that contains cookie. However, the legitimate client or the attacker has to put up some additional computational efforts during login from a computer that does not contain cookie. The client generated dynamic authentication information is different for the same user in different sessions of Secure Socket Layer (SSL) protocol. The concept used in this paper is to combine traditional password authentication with a challenge that is easy to answer by the legitimate client and the computational cost of authentication increases for an attacker with each login failure. Therefore, even the automated programs can not launch online dictionary attacks on the proposed protocol. This protocol provides better protection against different types of attacks launched by the attacker. The proposed protocol is easy to implement and it removes the some of the deficiencies of previously suggested password based authentication protocols.
dc.format.extent	1094153 bytes	-
dc.format.mimetype	application/pdf	-
dc.relation (關聯)	資管評論, 16(2), 93-110
dc.relation (關聯)	MIS review
dc.subject (關鍵詞)	Hyper Text Transfer Protocol;Cookies;Password;Secure Socket Layer;Online Dictionary Attacks
dc.title (題名)	Secure Password Based Authentication Protocol to Thwart Online Dictionary Attacks
dc.type (資料類型)	article