38
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      CompChall: Addressing Password Guessing Attacks

      Preprint
      , , , ,

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          Even though passwords are the most convenient means of authentication, they bring along themselves the threat of dictionary attacks. Dictionary attacks may be of two kinds: online and offline. While offline dictionary attacks are possible only if the adversary is able to collect data for a successful protocol execution by eavesdropping on the communication channel and can be successfully countered using public key cryptography, online dictionary attacks can be performed by anyone and there is no satisfactory solution to counter them. This paper presents a new authentication protocol which is called CompChall (computational challenge). The proposed protocol uses only one way hash functions as the building blocks and attempts to eliminate online dictionary attacks by implementing a challenge-response system. This challenge-response system is designed in a fashion that it does not pose any difficulty to a genuine user but is time consuming and computationally intensive for an adversary trying to launch a large number of login requests per unit time as in the case of an online dictionary attack. The protocol is stateless and thus less vulnerable to DoS (Denial of Service) attacks.

          Related collections

          Most cited references2

          • Record: found
          • Abstract: not found
          • Article: not found

          Password authentication with insecure communication

            Bookmark
            • Record: found
            • Abstract: not found
            • Conference Proceedings: not found

            Securing passwords against dictionary attacks

              Bookmark

              Author and article information

              Journal
              16 November 2011
              Article
              10.1109/ITCC.2005.107
              1111.3753
              c7d30dc0-d8e9-4c32-a25d-06cab3af06b1

              http://arxiv.org/licenses/nonexclusive-distrib/1.0/

              History
              Custom metadata
              6 Pages, 1 Figure; International Conference on Information Technology: Coding and Computing, 2005. ITCC 2005
              cs.CR

              Comments

              Comment on this article