ISSN : 1796-2056
Volume : 4    Issue : 3    Date : May 2009

User Authentication with Provable Security against Online Dictionary Attacks
Yongzhong He and Zhen Han
Page(s): 200-207
Full Text:
PDF (474 KB)

Dictionary attacks are the best known threats on the password-based authentication schemes.
Based on Reverse Turing Test (RTT), some usable and scalable authentication schemes are
proposed to defeat online dictionary attacks mounted by automated programs. However it is found
that these authentication schemes are vulnerable to various online dictionary attacks. In this paper,
a practical decision function is presented, based on which RTT authentication schemes are
constructed and shown to be secure against all the known online dictionary attacks. After formally
modeling of the adversary, the static and dynamic security of the authentication schemes are proved

Index Terms
Online Dictionary attack; Reverse Turing Test; Authentication