High Performance Nonce-Based Authentication and Key Distribution Protocols against Password Guessing Attacks

Sung-Ming YEN  Meng-Tzung LIU  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E80-A   No.11   pp.2209-2217
Publication Date: 1997/11/25
Online ISSN: 
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Information Theory and Its Applications)
Category: Security
authentication,  challenge-response,  cryptography,  key distribution,  nonce,  off-line dictionary attack,  on-line attack,  password,  trusted third-party,  verifiable text attack,  

Full Text: PDF>>
Buy this Article

A family of nonce-based authentication and key distribution protocols based on the trusted third-party model are proposed which are not only efficient on the view points of computation and communication, but also secure against on-line and off-line password guessing attacks. A new concept of implicit or indirect challenge-response authentication which can be used to combine the processes of identify authentication and data integrity assurance during key distribution and to make the entire protocol be more concise and efficient is introduced in this paper. In the proposed family of protocols, specific protocol can be chosen such that the secure session key to be distributed is selected by specific participant in the protocol. Detailed security analyses of every protocols are given.