Abstract
The offline password guessing attack and denial-of-service attack are two important security properties in multi-server authentication schemes. Recently, a large number of schemes have been published to against the two attacks. However, we find out that it is very difficult to against the two attacks at the same time. In this paper, the limits are pointed out using six recent authentication schemes as example. Then we analyze the reason of this case and give two conclusions to solve this problem. This conclusions can help us establish a more accurate provably secure model, so as to design a provably secure scheme in multi-server environment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
He, D.B., Wang, D.: Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9, 816–823 (2015)
Odelu, V., Kumar, A., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 9, 1953–1966 (2015)
He, D.B., Zeadally, S., Kumar, N., Wu, W.: Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures. IEEE Trans. Inf. Forensics Secur. 9, 2052–2064 (2016)
Mishra, D.: Design and analysis of a provably secure multi-server authentication scheme. Wirel. Pers. Commun. 86, 1095–1119 (2016)
Shen, H., Gao, C., He, D.B., Wu, L.B.: New biometrics-based authentication scheme for multi-server environment in critical systems. J. Ambient Intell. Human Comput. 6, 825–834 (2015)
Xiong, L., Wang, K., Shen, J., et al.: An enhanced biometric-based user authentication scheme for multi-server environment in.critical systems. J. Ambient Intell. Human Comput. 7, 427–443 (2016)
Acknowledgments
This work has been supported by the open research fund of key laboratory of intelligent network information processing, Xihua University (SZJJ2012-032).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Zhu, C., Wang, H. (2018). Defining Limits of Resistance to Off-Line Password Guessing Attack and Denial-of-Service Attack in Multi-server Authentication Schemes. In: Qiao, F., Patnaik, S., Wang, J. (eds) Recent Developments in Mechatronics and Intelligent Robotics. ICMIR 2017. Advances in Intelligent Systems and Computing, vol 690. Springer, Cham. https://doi.org/10.1007/978-3-319-65978-7_39
Download citation
DOI: https://doi.org/10.1007/978-3-319-65978-7_39
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65977-0
Online ISBN: 978-3-319-65978-7
eBook Packages: EngineeringEngineering (R0)