Improvement of the Peyravian-Jeffries`s user authentication protocol and password change protocolMarko Hölbl
, Tatjana Welzer-Družovec
, Boštjan Brumen
, 2008, original scientific article
Abstract: Remote authentication of users supported by passwords is a broadly adopted method of authentication within insecure network environments. Such protocols typically rely on pre-established secure cryptographic keys or public key infrastructure. Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (5-6) (2006) 660-667] proposed a protocol for secure remote user access over insecure networks. Shortly after the protocol was published Shim [K.A. Shim, Security flaws of remote user access over insecure networks, Computer Communications 30 (1) (2006) 117-121] and Munilla et al. [J. Munilla, A. Peinado, Off-line password-guessing attack to Peyravian-Jeffries`s remote user authentication protocol, Computer Communications 30 (1) (2006) 52-54] independently presented an off-line guessing attack on the protocol. Based on their findings we present an improved secure password-based protocol for remote user authentication, password change, and session key establishment over insecure networks, which is immune against the attack.
Keywords: networks, user authentication, remote user access, password-based protocol, security
Published: 31.05.2012; Views: 971; Downloads: 26
Link to full text