Article ID Journal Published Year Pages File Type
449827 Computer Communications 2006 5 Pages PDF
Abstract

Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environments. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. Recently, Peyravian and Jeffries proposed password-based protocols for remote user authentication, password change, and session key establishment over insecure networks without requiring any additional private- or public-key infrastructure. In this paper we point out security flaws of Peyravian–Jeffries’s protocols against off-line password guessing attacks and Denial-of-Service attacks.

Related Topics
Physical Sciences and Engineering Computer Science Computer Networks and Communications
Authors
,