安全认证协议，抵御对认证数据表的离线攻击

IF 0.9 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Computer Security Pub Date : 2023-06-06 DOI:10.3233/jcs-210171

Vinod Ramesh Falmari, B. M.

{"title":"安全认证协议，抵御对认证数据表的离线攻击","authors":"Vinod Ramesh Falmari, B. M.","doi":"10.3233/jcs-210171","DOIUrl":null,"url":null,"abstract":"In text-based authentication, the passwords along with user names are maintained in the Authentication Data Table (ADT). It is necessary to preserve the privacy of passwords in ADT to avoid offline attacks like brute force attacks, lookup table attacks, etc. In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. In EIP, the input passwords are first converted to hashed passwords and then transformed into images. Next, these image passwords are encrypted using a novel image password encryption system using chaos functions and confusion-diffusion mechanisms. In D-ADT, the hashed passwords are encrypted using a random key. The major highlight of this scheme is that during every log, the hashed password is encrypted with a new random key while keeping the plain password same as it is. So, during each login of the user, the old encrypted password is replaced with a new encrypted password in the authentication data table. The EEIP scheme combines both approaches. Passwords are converted to images and image passwords are encrypted with the new random key at every login. Performance and security analysis are carried out for the proposed algorithm concerning correlation analysis, differential analysis, entropy analysis, computation time, keyspace, and offline attack analysis.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":0.9000,"publicationDate":"2023-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Secure authentication protocols to resist off-line attacks on authentication data table\",\"authors\":\"Vinod Ramesh Falmari, B. M.\",\"doi\":\"10.3233/jcs-210171\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In text-based authentication, the passwords along with user names are maintained in the Authentication Data Table (ADT). It is necessary to preserve the privacy of passwords in ADT to avoid offline attacks like brute force attacks, lookup table attacks, etc. In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. In EIP, the input passwords are first converted to hashed passwords and then transformed into images. Next, these image passwords are encrypted using a novel image password encryption system using chaos functions and confusion-diffusion mechanisms. In D-ADT, the hashed passwords are encrypted using a random key. The major highlight of this scheme is that during every log, the hashed password is encrypted with a new random key while keeping the plain password same as it is. So, during each login of the user, the old encrypted password is replaced with a new encrypted password in the authentication data table. The EEIP scheme combines both approaches. Passwords are converted to images and image passwords are encrypted with the new random key at every login. Performance and security analysis are carried out for the proposed algorithm concerning correlation analysis, differential analysis, entropy analysis, computation time, keyspace, and offline attack analysis.\",\"PeriodicalId\":46074,\"journal\":{\"name\":\"Journal of Computer Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.9000,\"publicationDate\":\"2023-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Computer Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3233/jcs-210171\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/jcs-210171","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

在基于文本的身份验证中，密码和用户名都保存在身份验证数据表(authentication Data Table, ADT)中。ADT中有必要保护密码的隐私性，以避免暴力破解攻击、查找表攻击等离线攻击。本文提出了加密图像密码(EIP)、动态认证数据表(D-ADT)和扩展加密图像密码(EEIP)三种密码保护方案，用于安全认证。在EIP中，首先将输入密码转换为散列密码，然后将其转换为图像。接下来，使用使用混沌函数和混淆扩散机制的新型图像密码加密系统对这些图像密码进行加密。在D-ADT中，散列密码使用随机密钥进行加密。该方案的主要亮点是，在每次日志期间，散列密码都使用新的随机密钥进行加密，同时保持普通密码不变。因此，在用户每次登录期间，身份验证数据表中的旧加密密码将被替换为新的加密密码。EEIP方案结合了这两种方法。密码被转换为图像，图像密码在每次登录时都用新的随机密钥加密。从相关分析、差分分析、熵分析、计算时间、键空间和离线攻击分析等方面对所提出的算法进行了性能和安全性分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Secure authentication protocols to resist off-line attacks on authentication data table

In text-based authentication, the passwords along with user names are maintained in the Authentication Data Table (ADT). It is necessary to preserve the privacy of passwords in ADT to avoid offline attacks like brute force attacks, lookup table attacks, etc. In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. In EIP, the input passwords are first converted to hashed passwords and then transformed into images. Next, these image passwords are encrypted using a novel image password encryption system using chaos functions and confusion-diffusion mechanisms. In D-ADT, the hashed passwords are encrypted using a random key. The major highlight of this scheme is that during every log, the hashed password is encrypted with a new random key while keeping the plain password same as it is. So, during each login of the user, the old encrypted password is replaced with a new encrypted password in the authentication data table. The EEIP scheme combines both approaches. Passwords are converted to images and image passwords are encrypted with the new random key at every login. Performance and security analysis are carried out for the proposed algorithm concerning correlation analysis, differential analysis, entropy analysis, computation time, keyspace, and offline attack analysis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Computer Security COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

1.70

自引率

0.00%

发文量

期刊介绍： The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems and networks. It will also provide a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community. The Journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications.