Stolen-verifier attack on two new strong-password authentication protocols

IEICE Transactions on Communications

Volumn E85-B, Issue 11, 2002, Pages 2519-2521

  Chen, Chien Ming ^a   Ku, Wei Chi ^a  

^a FU JEN CATHOLIC UNIVERSITY   (Taiwan)

Author keywords

Cryptographic hash function; Replay attack; Stolen verifier attack; Strong password authentication

Indexed keywords

COMPUTER CRIME; COMPUTER PRIVACY; CRYPTOGRAPHY; FUNCTIONS;

OPTIMAL STRONG-PASSWORD AUTHENTICATION (OSPA) PROTOCOL;

SECURITY OF DATA;

EID: 0037285263     PISSN: 09168516     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (16)

1. L. Lamport, "Password authentication with insecure communication," Commun. ACM, vol.24, no.11, pp.770-772, 1981.
2. M. Lomas, L. Gong, J. Saltzer, and R. Needham, "Reducing risks from poorly chosen key," ACM Symposium on Operating System Principles, ACM Operating Systems Review, pp.14-18, 1989.
3. A. Shimizu, "A dynamic password authentication method by one-way function," IEICE Trans. Inf. & Syst. (Japanese Edition), vol. J73-D-I, no.7, pp.630-636, July 1990.
4. A. Shimizu, "A dynamic password authentication method by one-way function," System and Computers in Japan, vol.22, no.7, 1991.
5. S. Bellovin and M. Merritt, "Encrypted key exchange: Password-based protocols secure against dictionary attacks," IEEE Symposium on Research in Security and Privacy, pp.72-84, 1992.
6. S. Bellovin and M. Merritt, "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password-file compromise," ACM Conference on Computer and Communications Security, pp.244-250, 1993.
7. N. Haller, "The S/KEY (TM) one-time password system," Proc. Internet Society symposium on Network and Distributed System Security, pp.151-158, 1994.
8. D. Jablon, "Strong password-only authenticated key exchange," ACM Computer Commun. Review, vol.26, no.5, pp.5-26, 1996.
9. A. Shimizu, T. Horioka, and H. Inagaki, "A password authentication method for contents communication on the internet," IEICE Trans. Commun., vol. E81-B, no.8, pp.1666-1763, Aug. 1998.
10. T. Wu, "The secure remote password protocol," Internet Society Symposium on Network and Distributed System Security, 1998.
11. D. Jablon, "B-SPEKE," Integrity Sciences White Paper, Sept. 1999.
12. T. Kwon, "Ultimate solution to authentication via memorable password," A Proposal for IEEE P1363a: Password-based Authentication, May 2000.
13. V. Boyko, P. MacKenzie, and S. Patel, "Provably secure password authentication key exchange using Diffie-Hellman," Cryptology-EUROCRYPT 2000, ed. B. Preneel, May 2000.
14. M. Sandirigama, A. Shimizu, and M.T. Noda, "Simple and secure password authentication protocol (SAS)," IEICE Trans. Commun., vol. E83-B, no.6, pp.1363-1365, June 2000.
15. T. Kwon, "Authentication and key agreement via memorable password," NDSS 2001 Symposium Conference Proceedings, Feb. 2001.
16. C.L. Lin, H.M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication," IEICE Trans. Commun., vol. E84-B, no.9, pp.2622-2627, Sept. 2001.