Special Issue Paper
Robust password changing and DoS resilience for human-centric password authentication
Article first published online: 22 MAR 2013
Copyright © 2013 John Wiley & Sons, Ltd.
Security and Communication Networks
How to Cite
Li, X., Qian, H., Yu, Y., Weng, J. and Wang, Z. (2013), Robust password changing and DoS resilience for human-centric password authentication. Security Comm. Networks. doi: 10.1002/sec.768
- Manuscript Accepted: 8 FEB 2013
- Manuscript Received: 18 OCT 2012
- National Natural Science Foundation of China. Grant Numbers: 61172085, 61103221, 61021004, 61070249, 11061130539
- password changing
- DoS resilience
In password-based or two-factor (password and smart card) authentication, password changing is one of the common techniques used to improve the security of the systems protected by the password. However, the password-changing operations in existing password authentication schemes either depend on the login phase or violate the common practice that an old password should not be valid for subsequent logins after being updated. On the other hand, password mistyping is very common in reality; it may be random or be skewed by the adversary via technical means or social engineering manipulation [i.e., a kind of denial-of-service (DoS) attack]. In human-centric authentication mechanisms, password changing and DoS resilience are not marginal issues. The paper addresses the requirements of robust password changing in authentication and presents , a password authentication scheme with robust password changing, DoS resilience, and card-compromise security. Thus, the proposal can be viewed as a suitable candidate instantiation for authentication services of human-centric security, by embedding it in computer and software systems. also achieves other appealing features, such as self-healing ability and strong privacy protection, which may be useful for human-centric applications.