检索结果-南通市图书馆

A Provably Secure and Efficient Remote Password Authentication Scheme Using Smart Cards

Computers, Materials & Continua 2022年第6期71卷 6125-6145页

作者： Fairuz Shohaimay Eddie Shahril Ismail Department of Mathematical Sciences Faculty of Science and TechnologyUniversiti Kebangsaan MalaysiaUKM Bangi43600SelangorMalaysia Department of Mathematics Faculty of Computer and Mathematical SciencesUniversiti Teknologi MARA PahangRaub CampusRaub27600PahangMalaysia

Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote Password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.

关键词： Authentication scheme discrete logarithm factorisation Password provable security

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Two-factor ( biometric and Password) authentication key exchange on lattice based on key consensus

引用

The Journal of China Universities of Posts and Telecommunications 2020年第6期27卷 42-53页

作者： Zhao Zongqu Ma Shaoti Wang Yongjun Tang Yongli Ye Qing College of Computer Science and Technology Henan Polytechnic UniversityJiaozuo 454000China

In the post-quantum era,the Password-based authentication key exchange(PAKE)protocol on lattice has the characteristics of convenience and high efficiency,however these protocols cannot resist online dictionary attack that is a common method used by attackers.A lattice-based two-factor(biometric and Password)authentication key exchange(TFAKE)protocol based on key consensus(KC)is proposed.The protocol encapsulates the hash value of biometric information and Password through a splittable encryption method,and compares the decapsulated information with the server's stored value to achieve the dual identity authentication.Then the protocol utilizes the asymmetric hash structure to simplify the calculation steps,which increases the calculation efficiency.Moreover,KC algorithm is employed in reducing data transmission overhead.Compared with the current PAKE protocol,the proposed protocol has the characteristics of hybrid authentication and resisting online dictionary attack.And it reduces the number of communication rounds and improves the efficiency and the security of protocol application.

关键词： KC biometric key exchange Password

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

A Provably Secure General Construction for Key Exchange Protocols Using Smart Card and Password

引用

Chinese Journal of Electronics 2017年第2期26卷 271-278页

作者： ZHANG Gefei FAN Dan ZHANG Yuqing LI Xiaowei National Computer Network Intrusion Protection Center University of Chinese Academy of Sciences State Key Laboratory of Information Security Institute of Information EngineeringChinese Academy of Sciences

Key exchange protocols using both smart card and Password are widely used nowadays since they provide greater convenience and stronger security than protocols using only a Password.Most of these protocols are often limited to simple network systems,and they may have security risks.We propose a general construction for key exchange protocols using smart card and Password to avoid these flaws.The constructed protocol from the general construction has only one additional communication round than the original public encryption scheme.This construction is proven secure under random oracle model,so it can resist several common types of attacks.It is also adapted well to various networks.Compared with related protocols,the proposed key exchange protocol generated from the general construction has better secure properties and good computational efficiency in storage cost and operation time.

关键词： General construction Provable secure Smart card Password Key exchange protocol

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Hybritus:a Password strength checker by ensemble learning from the query feedbacks of websites

引用

Frontiers of Computer Science 2020年第3期14卷 189-202页

作者： Yongzhong HE Endalew Elsabeth ALEM Wei WANG Beijing Key Laboratory of Security and Privacy in Intelligent Transportation Beijing Jiaotong UniversityBeijing 100044China

Password authentication is vulnerable to dictionary attacks.Password strength measurement helps users to choose hard-to-guess Passwords and enhance the security of systems based on Password authentication.Although there are many Password strength metrics and tools,none of them produces an objective measurement with inconsistent policies and different dictionaries.In this work,we analyzed the Password policies and checkers of top 100 popular websites that are selected from Alexa rankings.The checkers are inconsistent and thus they may label the same Password as different strength labels,because each checker is sensitive to its configuration,e.g.,the algorithm used and the training data.Attackers are empowered to exploit the above vulnerabilities to crack the protected systems more easily.As such,single metrics or local training data are not enough to build a robust and secure Password checker.Based on these observations,we proposed Hybritus that integrates different websites'strategies and views into a global and robust model of the attackers with multiple layer perceptron(MLP)neural networks.Our data set is comprised of more than 3.3 million Passwords taken from the leaked,transformed and randomly generated dictionaries.The data set were sent to 10 website checkers to get the feedbacks on the strength of Passwords labeled as strong,medium and weak.Then we used the features of Passwords generated by term frequency-inverse document frequency to train and test Hybritus.The experimental results show that the accuracy of Passwords strength checking can be as high as 97.7%and over 94%even if it was trained with only ten thousand Passwords.User study shows that Hybritus is usable as well as secure.

关键词： Password Password strength,Password checker,neural networks

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

An efficient and practical threshold gateway-oriented Password-authenticated key exchange protocol in the standard model

引用

Science China(Information Sciences) 2017年第7期60卷 130-143页

作者： Fushan WEI Jianfeng MA Ruijie ZHANG Chuangui MA Xuan WANG State Key Laboratory of Integrated Service Networks Xidian University State Key Laboratory of Mathematical Engineering and Advanced Computing The PLA Information Engineering University Engineering University of CAPF

With the assistance of an authentication server, a gateway-oriented Password-authenticated key exchange(GPAKE) protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the Passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman(DDH) problem. In our proposal,the Password is shared among n authentication servers and is secure unless the adversary corrupts more than t + 1 servers. Our protocol requires n > 3t servers to work. Compared with existing threshold PAKE protocols,our protocol maintains both stronger security and greater efficiency.

关键词： Password key exchange gateway threshold provable security

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Off-Line Dictionary Attack on Password-Based Authenticated Key Exchange Protocols

引用

Wuhan University Journal of Natural Sciences 2012年第6期17卷 468-472页

作者： XU Chungen YANG Yanjiong Department of Applied Mathematics Nanjing University of Science and TechnologyNanjing 210094JiangsuChina Zijin College Nanjing University of Science and TechnologyNanjing 210046JiangsuChina

In 2010,Lee et al proposed two simple and efficient three-party Password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw.

关键词： key exchange Password off-line dictionary attack provable security

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

基于RESTful以及Salted Password Hashing算法的模拟试衣间系统

引用

现代信息科技 2019年第11期3卷 196-198页

作者：夏禹江西财经大学软件与物联网工程学院

本文主要从系统设计、功能实现、整体架构的角度介绍了基于B/S模式下的模拟试衣间系统。本文还着重地介绍了Salted Password Hashing加密算法与传统的哈希函数加密算法之间存在的区别与联系,Salted Password Hashing加密算法在传统的软... 详细信息

本文主要从系统设计、功能实现、整体架构的角度介绍了基于B/S模式下的模拟试衣间系统。本文还着重地介绍了Salted Password Hashing加密算法与传统的哈希函数加密算法之间存在的区别与联系,Salted Password Hashing加密算法在传统的软件系统中能够发挥重要作用,以及RESTful架构下软件系统的使用设计、实现方案及REST设计规范为实际软件编程带来的便利。

关键词：模拟试衣间系统 RESTful 前后端分离 Salted Password Hashing

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

A New Secure Password Authentication Scheme Using Smart Cards

引用

Wuhan University Journal of Natural Sciences 2008年第6期13卷 739-743页

作者： WANG Bangju1,2, WANG Yuhua3, ZHANG Huanguo1 1. School of Computer, Wuhan University/Key Laboratory of Aerospace Information Security and Trust Computing of Ministry of Education, Wuhan 430072, Hubei, China 2. School of Science, Huazhong Agricultural University, Wuhan 430070, Hubei, China 3. College of Information Science and Engineering, Henan University of Technology Zhengzhou 450001, Henan, China School of Computer Wuhan University/Key Laboratory of Aerospace Information Security and Trust Computing of Ministry of Education Wuhan China School of Science Huazhong Agricultural University Wuhan China College of Information Science and Engineering Henan University of Technology Zhengzhou China

Thirteen security requirements for an ideal Password authentication scheme using smart cards are listed and a new smart card based Password authentication scheme with identity anonymity is proposed. The new scheme can satisfy all the listed ideal security requirements and has the following merits：（1） it can resist all the attacks listed in introduction; （2） less storage memory requirement due to no verification table stored in server; （3） low computational cost due to hash functions based operations; （4） even if the smart card is lost, the new system is still secure; （5） As user identity is anonymous, this scheme is more practical. The new proposed scheme can be applied in source constraint networks.

关键词： Password Password authentication hash function attack smart card

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

巧用Passware Password Recovery Kit破解密码

引用

电脑知识与技术（经验技巧） 2018年第9期 26-27页

作者：顾娟安徽生物工程学校

Passware Password RecoveryKit是国外一款优秀的密码恢复软件，具有强大的文件保护密码破解能力，几乎可以破解当今所有文件的密码。在网上下载“Passware Password Recovery Kit”汉化绿色版后，安装并运行“Passware Password Recove... 详细信息

Passware Password RecoveryKit是国外一款优秀的密码恢复软件，具有强大的文件保护密码破解能力，几乎可以破解当今所有文件的密码。在网上下载“Passware Password Recovery Kit”汉化绿色版后，安装并运行“Passware Password Recovery Kit”即可使用（图1）。下面一起体验下它的常用功能吧。

关键词： Password Recovery 密码破解 Kit 巧用文件保护恢复软件网上下载

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

一次性密码验证系统

引用

物探化探计算技术 2007年第2期29卷 177-181,90页

作者：王曦史闻博苗放成都理工大学信息工程学院成都610059

简单介绍一次性密码系统机理,并与现有密码机制进行比较。一次性密码体现出诸多优势,其算法设计灵活、复杂度适中、计算量较小且安全性较高,这里给出了应用该算法设计的登陆系统的实现和工作原理。实践应用证明,该算法的登陆系统应用灵... 详细信息

简单介绍一次性密码系统机理,并与现有密码机制进行比较。一次性密码体现出诸多优势,其算法设计灵活、复杂度适中、计算量较小且安全性较高,这里给出了应用该算法设计的登陆系统的实现和工作原理。实践应用证明,该算法的登陆系统应用灵活性强,系统资源消耗小,这均表明该算法的高性能及高可用性。

关键词： OPA(One-time Password Algorithms) 一次性密码系统 PAM 安全攻击

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：