Secure authentication protocols resistant to guessing attacks

Jia Ning Luo*, Shiuhpyng Shieh, Ji Chiang Shen

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Users are normally authenticated via their passwords in computer systems. Since people tend to choose passwords that can be easily remembered, the systems are under the threat of guessing attacks. Many authentication and key distribution protocols have been proposed to protect user passwords from guessing attacks. However, these protocols either are limited to some specific environments or incur high computation and communication costs. In the paper, we first specify five common forms of guessing attacks, which are used to determine whether a protocol is vulnerable to those attacks. Based on these common forms, some guidelines are provided for developing secure protocols that can be used in both symmetric and asymmetric cryptosystems to defend against guessing attacks. Finally, we enhance the well-known authentication system Kerberos and propose two authentication and key distribution protocols, which are both resistant to guessing attacks.

Original languageEnglish
Pages (from-to)1125-1143
Number of pages19
JournalJournal of Information Science and Engineering
Issue number5
StatePublished - 1 Sep 2006


  • Authentication
  • Cryptography
  • Guessing attack
  • Network security
  • Protocol

Fingerprint Dive into the research topics of 'Secure authentication protocols resistant to guessing attacks'. Together they form a unique fingerprint.

Cite this