Detection and Prevention of New Attacks for ID-based Authentication Protocols

01/29/2021
by   Jinyong Chen, et al.
0

The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, and edge computing. This also enables more and more network enterprises to provide multiple different services simultaneously. To ensure these services can conveniently be accessed only by authorized users, many password and smart card-based authentication schemes for multi-server architecture have been proposed. In this paper, we review several dynamic ID-based password authentication schemes for multi-server environments. New attacks against four of these schemes are presented, demonstrating that an adversary can impersonate either legitimate or fictitious users. The impact of these attacks is the failure to achieve the main security requirement: authentication. Thus, the security of the analyzed schemes is proven to be compromised. We analyze these four dynamic ID-based schemes and discuss the reasons for the success of the new attacks. Additionally, we propose a new set of design guidelines to prevent such exploitable weaknesses on dynamic ID-based authentication protocols. Finally, we apply the proposed guidelines to the analyzed protocols and demonstrate that violation of these guidelines leads to insecure protocols.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

04/19/2020

Secure and Energy-Efficient Key-Agreement Protocol for Multi-Server Architecture

Authentication schemes are practised globally to verify the legitimacy o...
10/13/2021

Privacy-Preserving Mutual Authentication and Key Agreement Scheme for Multi-Server Healthcare System

The usage of different technologies and smart devices helps people to ge...
02/22/2019

RAMHU: A New Robust Lightweight Scheme for Mutual Users Authentication in Healthcare Applications

Providing a mechanism to authenticate users in healthcare applications i...
05/31/2019

Protocols for Checking Compromised Credentials

To prevent credential stuffing attacks, industry best practice now proac...
11/30/2017

Efficacy of Object-Based Passwords for User Authentication

Traditional text-based password schemes are inherently weak. Users tend ...
08/15/2021

An authentication model based on cryptography

In this paper we proposed an authentication technique based on the user ...
07/11/2019

Challenges and Directions for Authentication in Pervasive Computing

We quickly approach a "pervasive future" where pervasive computing is th...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.