The Experts below are selected from a list of 2445 Experts worldwide ranked by ideXlab platform
Zhang Fu-yong - One of the best experts on this subject based on the ideXlab platform.
- Design and analysis of USB-Key based Strong Password authentication scheme
Journal of Computer Applications, 2011
Co-Authors: Zhang Fu-yong
Abstract: Concerning that the OSPA protocol is vulnerable to the replay attack and the denial-of-service attack, in this paper, a USB-Key based Strong Password authentication scheme was proposed, which used USB-Key to verify the user's Password and store the security parameter. In this scheme, user's identity can be protected by using the temporary identity and the authentication parameters computation by Hash function. This scheme can achieve mutual authentication between user and server by transferring the authentication parameters. The security analysis of the scheme proves that the scheme is resistant to replay attack, impersonation attack and Denial of Service (DoS) attack, and it has high security, and it can be used by users with limited computation ability.
Radia J Perlman
- PDM: a new Strong Password-based protocol
USENIX Security Symposium, 2001
Co-Authors: Charlie Kaufman, Radia J Perlman
Abstract: In this paper we present PDM (Password Derived Moduli), a new approach to Strong Password-based protocols usable either for mutual authentication or for downloading security information such as the user's private key. We describe how the properties desirable for Strong Password mutual authentication differ from the properties desirable for credentials download. In particular, a protocol used solely for credentials download can be simpler and less expensive than one used for mutual authentication since some properties (such as authentication of the server) are not necessary for credentials download. The features necessary for mutual authentication can be easily added to a credentials download protocol, but many of the protocols designed for mutual authentication are not as desirable for use in credentials download as protocols like PDM and basic EKE and SPEKE because they are unnecessarily expensive when used for that purpose. PDM's performance is vastly more expensive at the client than any of the protocols in the literature, but it is more efficient at the server. We claim that performance at the server, since a server must handle a large and potentially unpredictable number of clients, is more important than performance at the client, assuming that client performance is "good enough". We describe PDM for credentials download, and then show how to enhance it to have the properties desirable for mutual authentication. In particular, the enhancement we advocate for allowing PDM to avoid storing a Password-equivalent at the server is less expensive than existing schemes, and our approach can be used as a more efficient (at the server) variant of augmented EKE and SPEKE than the currently published schemes.
PDM is important because it is a very different approach to the problem than any in the literature, we believe it to be unencumbered by patents, and because it can be a lot less expensive at the server than existing schemes.
Chin-chen Chang
- A smart card based authentication protocol for Strong Passwords
2006
Co-Authors: Chin-chen Chang, Hao-Chuan Tsai
Abstract: In 2003, Lin et al. proposed an enhanced protocol of optimal Strong-Password authentication protocol (OSPA). Recently, Chang and Chang showed that Lin et al.'s protocol is vulnerable to a server spoofing attack and a denial-of-service attack and then described an improved protocol. In this paper, we show that Chang-Chang's protocol is still vulnerable to a stolen-verifier attack. In addition, we also propose an improved protocol with better security.
- ICESS - An improvement on Strong-Password authentication protocols
Embedded Software and Systems, 2005
Co-Authors: Ya-fen Chang, Chin-chen Chang
Abstract: Password authentication schemes can be divided into two types. One requires the easy-to-remember Password, and the other requires the Strong Password. In 2000, Sandirigama et al. proposed a simple and secure Password authentication protocol (SAS). Then, Lin et al. showed that SAS suffers from two weaknesses and proposed an improvement (OSPA) in 2001. However, Chen and Ku pointed out that both SAS and OSPA are vulnerable to the stolen-verifier attack. We also find that these two protocols lack the property of mutual authentication. Hence, we propose an improvement of SAS and OSPA to defend against the stolen-verifier attack and provide mutual authentication in this paper.
- An improvement on Strong-Password authentication protocols
Lecture Notes in Computer Science, 2005
Co-Authors: Ya-fen Chang, Chin-chen Chang
- A secure and efficient Strong-Password authentication protocol
ACM SIGOPS Operating Systems Review, 2004
Co-Authors: Ya-fen Chang, Chin-chen Chang
Abstract: Password authentication protocols are divided into two types. One employs the easy-to-remember Password while the other requires the Strong Password. In 2001, Lin et al. proposed an optimal Strong-Password authentication protocol (OSPA) to resist the replay attack and the denial-of-service attack. However, Chen and Ku pointed out that the OSPA protocol is vulnerable to the stolen-verifier attack. Hence, Lin et al. presented an enhancement in 2003. Nevertheless, mutual authentication is not ensured in Lin et al.'s protocol such that it suffers from the server spoofing attack. Moreover, Lin et al.'s protocol is also vulnerable to the denial-of-service attack. As a result, we present a secure Strong-Password authentication protocol in this paper to overcome their disadvantages.
Song Cheng
- A Hash-based Secure Strong-Password Authentication Protocol
Computer Engineering, 2006
Co-Authors: Song Cheng
Abstract: Based on the analysis of OSPA protocol, which is a typical hash-based Strong-Password authentication protocol, this paper presents a hash-based Strong-Password mutual authentication scheme, SPAS. SPAS is resistant to DoS attacks, replay attacks, impersonation attacks, and stolen-verifier attacks. It is expected that SPAS can be employed in application scenarios where a lightweight and secure user authentication scheme is required.
Ramzi Saifan
- Analysis of Strong Password using keystroke dynamics authentication in touch screen devices
Conference on Computational Complexity, 2016
Co-Authors: Asma Salem, Dema Zaidan, Andraws Swidan, Ramzi Saifan
Abstract: In this paper user verification and identification system on touch screen mobile devices is proposed. The system examines the keystroke dynamics and uses it as a second authentication factor. The study proposes a prototype for a keyboard application developed for collecting timing and non-timing information from keystroke dynamics. In addition to other mentioned in literature studies, we propose complex Password combination, which consists of text, numbers, and special characters. Strengthening access control using artificial neural networking model is suggested. Neural network model based on multilayer perceptron classifier which uses back propagation algorithm is proposed. This paper presents a unique approach for combining timing and non-timing features together, as it includes several non-timing features such as pressure, size, and position in addition to the duration time features. Several experiments have been done based on specific machine learning for data mining and classification toolkit named WEKA. The obtained results show that keystroke dynamics provides acceptable level of performance measures as a second authentication factor. The distinguishable role for non-timing features beside the timing features is demonstrated. These features have a significant role for improving the performance measures of keystroke dynamic behavioral authentication. The proposed model achieves lower error rate of false acceptance of 2.2%, false rejection of 8.67%, and equal error rate of 5.43% which are better than most of references provided in the literature.
- CCC - Analysis of Strong Password Using Keystroke Dynamics Authentication in Touch Screen Devices
2016 Cybersecurity and Cyberforensics Conference (CCC), 2016
Co-Authors: Asma Salem, Dema Zaidan, Andraws Swidan, Ramzi Saifan