TY - GEN
T1 - Detection and prevention of new attacks for ID-based authentication protocols
AU - Chen, Jinyong
AU - Dojen, Reiner
AU - Jurcut, Anca
N1 - Publisher Copyright:
© 2020 Owner/Author.
PY - 2020/12/18
Y1 - 2020/12/18
N2 - The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, and edge computing. This also enables more and more network enterprises to provide multiple different services simultaneously. To ensure these services can conveniently be accessed only by authorized users, many password and smart card-based authentication schemes for multi-server architecture have been proposed. In this paper, we review several dynamic ID-based password authentication schemes for multi-server environments. New attacks against four of these schemes are presented, demonstrating that an adversary can impersonate either legitimate or fictitious users. The impact of these attacks is the failure to achieve the main security requirement: authentication. Thus, the security of the analyzed schemes is proven to be compromised. We analyze these four dynamic ID-based schemes and discuss the reasons for the success of the new attacks. Additionally, we propose a new set of design guidelines to prevent such exploitable weaknesses on dynamic ID-based authentication protocols. Finally, we apply the proposed guidelines to the analyzed protocols and demonstrate that violation of these guidelines leads to insecure protocols.
AB - The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, and edge computing. This also enables more and more network enterprises to provide multiple different services simultaneously. To ensure these services can conveniently be accessed only by authorized users, many password and smart card-based authentication schemes for multi-server architecture have been proposed. In this paper, we review several dynamic ID-based password authentication schemes for multi-server environments. New attacks against four of these schemes are presented, demonstrating that an adversary can impersonate either legitimate or fictitious users. The impact of these attacks is the failure to achieve the main security requirement: authentication. Thus, the security of the analyzed schemes is proven to be compromised. We analyze these four dynamic ID-based schemes and discuss the reasons for the success of the new attacks. Additionally, we propose a new set of design guidelines to prevent such exploitable weaknesses on dynamic ID-based authentication protocols. Finally, we apply the proposed guidelines to the analyzed protocols and demonstrate that violation of these guidelines leads to insecure protocols.
KW - Attacks
KW - Authentication protocols
KW - Exploitable weaknesses
KW - Multi-factor authentication
KW - Multi-server environment
KW - User anonymity
UR - http://www.scopus.com/inward/record.url?scp=85106156161&partnerID=8YFLogxK
U2 - 10.1145/3447654.3447666
DO - 10.1145/3447654.3447666
M3 - Conference contribution
AN - SCOPUS:85106156161
T3 - ACM International Conference Proceeding Series
SP - 78
EP - 86
BT - ICNCC 2020 - Proceedings of the 2020 9th International Conference on Networks, Communication and Computing
PB - Association for Computing Machinery
T2 - 9th International Conference on Networks, Communication and Computing, ICNCC 2020
Y2 - 18 December 2020 through 20 December 2020
ER -