On the Security of Some Password Authentication Protocols

Authors: Bin‐Tsan Hsieh, Hung‐Min Sun, Tzonelih Hwang

DOI: 10.15388/INFORMATICA.2003.014

Keywords: Password strength; S/KEY; Authentication protocol; Password; One-time password; Password cracking; Computer science; Zero-knowledge password proof; Computer security; Challenge–response authentication

Abstract: In an internet environment, such as UNIX, a remote user has to obtain the access right from server before doing any job. The procedure of obtaining access is called authentication protocol. User via memorable password provides convenience without needing auxiliary devices, smart card. A protocol username and should basically withstand off-line guessing attack, stolen verifier DoS attack. Recently, Peyravian Zunic proposed one transmission change Later, Tseng et al. (2001) pointed out that Zunic's protocols can not therefore improved defeat Independently, Hwang Yeh also showed suffer some security flaws, was presented. this paper, we show both al.'s are insecure against Moreover, all Zunic's, al.'s, Yeh's

References (9)
Victor Boyko, Philip MacKenzie, Sarvar Patel, Provably secure password-authenticated key exchange using Diffie-Hellman. Theory and Application of Cryptographic Techniques, pp. 156-171 (2000). DOI: 10.1007/3-540-45539-6_12
Tzu-Chang Yeh, Jing-Jang Hwang, Improvement on Peyravian-Zunic's Password Authentication Schemes. IEICE Transactions on Communications, vol. 85, pp. 823-825 (2002).
Jinn-Ke Jan, Hung-Yu Chien, Yuh-Min Tseng, On the Security of Methods for Protecting Password Transmission. Informatica (Lithuanian Academy of Sciences), vol. 12, pp. 469-476 (2001). DOI: 10.3233/INF-2001-12308
Thomas D. Wu, The Secure Remote Password Protocol. Network and Distributed System Security Symposium (1998).
Mohammad Peyravian, Nevenko Zunic, Methods for Protecting Password Transmission. Computers & Security, vol. 19, pp. 466-469 (2000). DOI: 10.1016/S0167-4048(00)05032-X
Steven M. Bellovin, Michael Merritt, Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. Computer and Communications Security, pp. 244-250 (1993). DOI: 10.1145/168588.168618
David P. Jablon, Strong password-only authenticated key exchange. ACM SIGCOMM Computer Communication Review, vol. 26, pp. 5-26 (1996). DOI: 10.1145/242896.242897
S.M. Bellovin, M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks. IEEE Symposium on Security and Privacy, pp. 72-84 (1992). DOI: 10.1109/RISP.1992.213269
Taekyoung Kwon, Jooseok Song, Secure agreement scheme for g^xy via password authentication. Electronics Letters, vol. 35, pp. 892-893 (1999). DOI: 10.1049/EL:19990623