Computer Communications

Volume 29, Issue 5, 6 March 2006, Pages 660-667

Secure remote user access over insecure networks

https://doi.org/10.1016/j.comcom.2005.07.025

Abstract

Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environment. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. In this paper, we present secure password-based protocols for remote user authentication, password change, and session key establishment over insecure networks. The proposed protocols do not require the use of any additional private- or public-key infrastructure.

Introduction

User authentication based on passwords is broadly used to provide controlled access to networks or to applications residing within networks. In a networked environment, users often interact with local application programs, and the local application programs may exchange data with remote application programs on behalf of the users. When a remote application program controls resources of value, it typically requires a user name (or userid) and password for verification and access control. Commonly, a server in a network of resources is used to provide controlled access to the network or to applications residing within the network. Typically, a network of servers is responsible for administering and limiting access to users for which valid account credentials have been provided during a logon procedure. In this respect, a server maintains a security database including account identification corresponding to users and the services they are authorized to access.

For remote user authentication, some application programs such as telnet and ftp send the user's credentials (i.e., userid and password) over public networks in the clear (i.e., unprotected). Userids are considered, in most cases, to be public information, but passwords are considered to be private or secret information. Application programs, such as telnet and ftp, that transmit passwords in the clear over untrusted networks are not considered secure. When the network is untrusted, the users' passwords are susceptible to exposure and monitoring by unauthorized parties if the information is sent in the clear. These outside parties could then replay the information at some time in the future and gain access to the presumably protected resources.

Typical user authentication protocols for protecting passwords while they travel over public networks encrypt the passwords with symmetric-key cryptosystems (such as DES, AES, RC5, etc.) or public-key cryptosystems (such as RSA, DSA, etc.) [1], [3], [7], [9], [11]. Encrypting passwords this way imposes additional overhead on the local and remote application programs. Under such schemes, the sender and receiver of the password messages know the operative encryption and decryption schemes. Often, the sender encrypts the messages by applying an encryption scheme utilizing a key to the messages to be sent. The receiver decrypts the messages using a corresponding decryption scheme and the corresponding key known by the receiver. Unlike the typical remote user authentication and password change protocols that have appeared in the literature [1], [3], [7], [9], [11], the protocols presented in this paper do not use symmetric- or asymmetric-key encryption schemes to protect messages.

Some user authentication protocols use collision-resistant one-way hash functions to protect the secrecy of passwords when they are transmitted over public networks. Hash functions take an input string (e.g., the password) and convert it into an output string from which the input string cannot be determined. Hash functions are well suited for applications in which the receiving party does not need to know the input string corresponding to an output string in a received message. In this instance, the user's password is not sent across the network; only the hash of his/her password (in combination with some other values) is sent. The method of using hash functions was not shown to be effective for password change until schemes to accomplish this were presented in [4]. The schemes presented in [4] do not use any symmetric-key or public-key cryptosystems; they only employ a collision-resistant hash function such as SHA [6]. The schemes, however, are vulnerable to offline password-guessing attacks (i.e., dictionary attacks) and denial of service attacks. The offline password-guessing attack is an issue only if the system allows users to choose weak passwords.1 To address these vulnerabilities, changes over the base schemes were proposed by [2], [8], but [12] showed that the proposed changes are not effective and do not fix the shortcomings.

In this paper, we will improve the base remote user authentication and password change protocols presented in [4] to address the security concerns raised by [2], [8], [12], [13]. We will present two sets of enhanced remote user authentication and password change protocols. Both sets allow the parties to optionally establish a session key which can be used to protect their subsequent communication. The first set fixes the denial of service vulnerability and only employs a collision-resistant hash function such as SHA, as required in [4]. The first set, however, does not withstand off-line password-guessing attacks if the password is weak. The second set fixes the denial of service vulnerability and also provides protection against off-line password-guessing attacks. The second set employs the Diffie-Hellman (DH) key agreement scheme [10] in addition to a collision-resistant hash function such as SHA to protect the exchanges.

The rest of this paper is organized as follows. Section 2 presents the enhanced hash-based protocols for remote user authentication and password change. It also discusses the security aspects of these protocols. The combined hash and DH-based protocols that withstand off-line password-guessing are presented along with their security analysis in Section 3. The paper is concluded with a discussion of future directions in Section 4.

Section snippets

Hash-Based Protocols

In this section, we describe our enhanced hash-based protocols for remote user authentication and password change. In our description, we refer to the local application program acting on behalf of the user as the client and the remote application program as the server (Fig. 1). For access to the resources at the server, we assume that the user has a “userid” denoted by id and a “password” denoted by pw. Thus, access to the server is controlled by a combination of an id and a pw. The password is

DH-Based Protocols

The hash-based protocols described above do not withstand off-line password-guessing attacks if the password is weak with low entropy. For example, an adversary may intercept the server's authentication token (i.e., ser_auth_token) and compute Hash(Hash(id, pw), rc, rs) for each guessed password pw (using the so-called dictionary attack) and compare the result with the intercepted ser_auth_token. Thus, the adversary can verify off-line whether a guessed password is correct.
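The following Python program is an added illustration, not code from the paper, of the two points made on this page: the hash-based scheme in the Introduction, where only Hash(id, pw) combined with other values crosses the network, and the reason given in this section that such a token (ser_auth_token = Hash(Hash(id, pw), rc, rs)) is checkable offline by anyone who captured the exchange. The DH-bound variant at the end is an assumed construction that simply folds a DH shared secret into the same token; the paper's actual DH-based protocol is not reproduced on this page and may differ. SHA-256 stands in for "SHA", the group parameters are the 1024-bit MODP group of RFC 2409 (group 2; any standard group can be substituted), and all identities, passwords and nonces are constructed sample values.

```python
import hashlib
import secrets

# 1024-bit MODP group (RFC 2409, group 2). Assumption: transcribed correctly;
# any standard DH group (e.g. RFC 3526) can be substituted without other changes.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def H(*parts: bytes) -> bytes:
    """Collision-resistant hash of the parts. The paper only asks for a function
    such as SHA, so SHA-256 is used. Each part is length-prefixed so that
    Hash(id, pw) cannot collide with a different split of the same bytes."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def hash_only_token(id_: bytes, pw: bytes, rc: bytes, rs: bytes) -> bytes:
    """ser_auth_token exactly as the excerpt describes it: Hash(Hash(id, pw), rc, rs).
    Every input except pw is visible on the wire."""
    return H(H(id_, pw), rc, rs)


def dh_keypair() -> tuple:
    """One side's private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(their_public: int, my_exponent: int) -> bytes:
    """Shared secret g^(ab) mod p, serialised so it can be fed to H()."""
    k = pow(their_public, my_exponent, P)
    return k.to_bytes((P.bit_length() + 7) // 8, "big")


def dh_bound_token(id_: bytes, pw: bytes, rc: bytes, rs: bytes, shared: bytes) -> bytes:
    """Assumed construction (not the paper's exact protocol): the token also
    covers the DH secret, so reproducing it requires g^(ab), which a passive
    observer of g^a and g^b does not have."""
    return H(H(id_, pw), rc, rs, shared)


def observer_can_confirm(token: bytes, id_: bytes, rc: bytes, rs: bytes, candidate: bytes) -> bool:
    """The only check a passive observer holding (id, rc, rs, token) can perform:
    does a candidate password reproduce the captured token?"""
    return hash_only_token(id_, candidate, rc, rs) == token


def analysis() -> dict:
    # Constructed sample values; rc and rs are the client and server nonces.
    id_, pw = b"alice", b"correct-horse"
    rc, rs = secrets.token_bytes(16), secrets.token_bytes(16)

    # Hash-only protocol: the token depends on pw and public values only, so a
    # captured transcript distinguishes a right guess from a wrong one offline.
    t1 = hash_only_token(id_, pw, rc, rs)
    hash_only_leaks = (observer_can_confirm(t1, id_, rc, rs, pw)
                       and not observer_can_confirm(t1, id_, rc, rs, b"wrong-guess"))

    # DH-bound token: client sends A = g^a, server sends B = g^b.
    a, A = dh_keypair()
    b, B = dh_keypair()
    k_client = dh_shared(B, a)
    k_server = dh_shared(A, b)
    t2 = dh_bound_token(id_, pw, rs=rs, rc=rc, shared=k_server)

    # The legitimate client (knows pw and a) reproduces the server's token.
    client_verifies = dh_bound_token(id_, pw, rc, rs, k_client) == t2
    # The observer sees A, B, rc, rs and t2 but neither exponent, so even the
    # correct password no longer reproduces the token.
    observer_stuck = not observer_can_confirm(t2, id_, rc, rs, pw)

    return {
        "dh_keys_agree": k_client == k_server,
        "hash_only_offline_verifiable": hash_only_leaks,
        "dh_bound_client_verifies": client_verifies,
        "dh_bound_observer_stuck": observer_stuck,
    }


if __name__ == "__main__":
    print(analysis())
```

The property worth reading off the result is structural rather than about any particular hash: as long as every input to the token other than pw is public, the token is an offline oracle for pw, and the only way to remove that oracle is to mix in a value the passive observer cannot derive, which is what the DH shared secret supplies.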

In this section, we

Conclusion

In this paper, we presented secure password-based protocols for remote user authentication, password change, and session key establishment over insecure networks. The proposed protocols do not rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. The proposed protocols improve on the base protocols described in [4] to address the security concerns raised by [2], [8], [12]. Two sets of enhanced remote user authentication and password change

References (14)

  • M. Peyravian et al., Methods for protecting password transmission, Computers and Security (2000)
  • C.L. Lin et al., A password authentication scheme with secure password updating, Computers and Security (2003)
  • J. Botting, Security on the Internet: authenticating the user, Telecommunications (1997)
  • J.J. Hwang et al., Improvement on Peyravian-Zunic's password authentication schemes, IEICE Transactions on Communications (2002)
  • S. Halevi et al., Public key cryptography and password protocols, Proceedings of Fifth ACM Conference on Computer and Communications Security (1998)
  • B. Schneier, Applied Cryptography (1996)
  • National Institute of Standards and Technology, Secure Hash Standard, FIPS PUB 180-2, August...

Cited by (54)

  • A secure remote user mutual authentication scheme using smart cards, 2014, Journal of Information Security and Applications

    Citation excerpt: Yoon et al. and Xiang et al. In the same year, many remote user authentication schemes (Lin et al., 2006; Shieh and Wang, 2006; Liaw et al., 2006; Peyravian and Jeffries, 2006) were proposed. In 2007, Wang et al. (2007) proved that both Ku and Chen (2004) and Yoon et al. (2004) schemes cannot resist forgery attacks, denial-of-service attacks or offline password guessing attacks.

  • Design of improved password authentication and update scheme based on elliptic curve cryptography, 2013, Mathematical and Computer Modelling

    Citation excerpt: Later on, it has been made known by Lin and Hwang [9] that the Hwang and Yeh's scheme suffers from DoS attack and does not provide perfect forward secrecy, and afterward proposed an improved scheme to take away the above security pitfalls which can accomplish mutual authentication and distribution of a secret key between the client and the server. Again in the year 2006, Peyravian and Jeffries [10] enhanced the Peyravian and Zunic's scheme; however, Shim [11] claimed that Peyravian and Jeffries's scheme suffers from off-line password guessing and DoS attacks. In 2006, Chang et al. [12] proposed a new password authentication scheme based on symmetric key cryptosystem.

1 Present address: Renaissance Computing Institute, University of North Carolina, Chapel Hill, NC 27599, USA.