Related papers: A protected password change protocol
To prevent credential stuffing attacks, industry best practice now proactively checks if user credentials are present in known data breaches. Recently, some web services, such as HaveIBeenPwned (HIBP) and Google Password Checkup (GPC), have…
Honeywords are decoy passwords that can be added to a credential database; if a login attempt uses a honeyword, this indicates that the site's credential database has been leaked. In this paper we explore the basic requirements for…
The Internet of Medical Things has revolutionized the healthcare industry, enabling the seamless integration of connected medical devices and wearable sensors to enhance patient care and optimize healthcare services. However, the rapid…
Secure group communications are a mechanism facilitating protected transmission of messages from a sender to multiple receivers, and many emerging applications in both wired and wireless networks need the support of such a mechanism. There…
In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s legendary timestamp-based remote authentication scheme using smart cards. After analyzing…
General cryptographic schemes are presented where keys can be one-time or ephemeral. Processes for key exchange are derived. Public key cryptographic schemes based on the new systems are easily established. Authentication and signature…
Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user…
Yeh et al. recently have proposed a mutual authentication protocol based on EPC Class-1 Gen.-2 standard [1]. They have claimed that their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we…
We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password…
In this paper, we will study Lee, Kim and Yoo, a verifier password typed key agreement scheme and demonstrate that the scheme is not secure. Then, the authors will propose an enhanced verifier typed key agreement scheme relied on Lee, Kim…
Recently, Yang and Tan proposed a certificateless key exchange protocol without pairing, and claimed their scheme satisfies forward secrecy, which means no adversary could derive an already-established session key unless the full user…
Recently, Zhang, Li, and Guo have proposed a particular eavesdropping attack [Phys. Rev. A {\bf 63}, 036301 (2001), quant-ph/0009042] which shows that my quantum key distribution protocol based on entanglement swapping [Phys. Rev. A {\bf…
Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to…
We present a quantum password checking protocol where secrecy is protected by the laws of quantum mechanics. The passwords are encoded in quantum systems that can be compared but have a dimension too small to allow reading the encoded bits.…
Recently, a quantum key exchange protocol has been described, which served as basis for securing an actual bank transaction by means of quantum cryptography [quant-ph/0404115]. Here we show, that the authentication scheme applied is…
The new generation of security threats has been promoted by digital currencies and real-time applications, where all users develop new ways to communicate on the Internet. Security has evolved in the need of privacy and anonymity for all…
The development of quantum computers has been advancing rapidly in recent years. As quantum computers become more widely accessible, potentially malicious users could try to execute their code on the machines to leak information from other…
Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities…
Password guessers are instrumental for assessing the strength of passwords. Despite their diversity and abundance, little is known about how different guessers compare to each other. We perform in-depth analyses and comparisons of the…
To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have…