A Robust Password-Based Multi-Server Authentication Scheme

Vorugunti Chandra Sekhar; Mrudula Sarvabhatla

arXiv:1401.6121·cs.CR·January 24, 2014·2 cites

A Robust Password-Based Multi-Server Authentication Scheme

Vorugunti Chandra Sekhar, Mrudula Sarvabhatla

PDF

Open Access

TL;DR

This paper analyzes vulnerabilities in existing multi-server password authentication schemes, demonstrating an undetectable online guessing attack, and proposes an improved scheme to address these security flaws.

Contribution

It identifies a new vulnerability in Tsai et al.'s scheme and introduces an improved scheme that overcomes previous security weaknesses.

Findings

01

Tsai et al.'s scheme is vulnerable to undetectable online password guessing.

02

The proposed scheme resists the identified attack and enhances security.

03

The improved scheme mitigates cryptographic vulnerabilities in prior schemes.

Abstract

In 2013, Tsai et al. cryptanalyzed Yeh et al. scheme and shown that Yeh et al., scheme is vulnerable to various cryptographic attacks and proposed an improved scheme. In this poster we will show that Tsai et al., scheme is also vulnerable to undetectable online password guessing attack, on success of the attack, the adversary can perform all major cryptographic attacks. As apart of our contribution, we have proposed an improved scheme which overcomes the defects in Tsai et al. and Yeh et al. schemes.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdvanced Authentication Protocols Security · User Authentication and Security Systems