Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol

Operating Systems Review (ACM)

Volumn 37, Issue 4, 2003, Pages 26-31

  Ku, Wei Chi ^a   Tsai, Hao Chuan ^a   Chen, Shuai Min ^a  

^a FU JEN CATHOLIC UNIVERSITY   (Taiwan)

Author keywords

Denial of service attack; Password authentication; Replay attack; Stolen verifier attack; Strong password

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER PROGRAMMING; CRYPTOGRAPHY; MATHEMATICAL MODELS; OPTIMIZATION; PUBLIC POLICY; SECURITY OF DATA;

DENIAL-OF-SERVICE ATTACK; PASSWORD AUTHENTICATION; REPLACE ATTACKS; STOLEN-VERIFIER ATTACK; STRONG PASSWORD;

COMPUTER OPERATING SYSTEMS;

EID: 21244469256     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/958965.958968     Document Type: Conference Paper

References (17)

1. S. Bellovin and M. Merritt, "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password-file compromise," in ACM Conference on Computer and Communications security, pp. 244-250, 1993.
2. C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocols," IEICE Transactions on Communications, vol. E58-B, no. 11, pp. 2519-2521, Nov. 2002.
3. IEEE P1363.2 / D10 (Standard specifications for public key cryptographic: password-based techniques), IEEE P1363 working group, July 2003.
4. th IEEE Computer Security Foundation Workshop, pp. 24-29, 1995.
5. N. M. Haller, "The S/KEY (TM) one-time password system," Proc. Internet Society Symposium on Network and Distributed System Security, pp. 151-158, 1994.
6. D. Jablon, "Strong password-only authenticated key exchange," A CM Computer Communications Review, vol. 20, no. 5 pp. 5-26, 1996.
7. th International Conference on Computer Communications and Networks, pp. 105-112, 1995.
8. L. Lamport, "Password authentication with insecure communication," Communications of the A CM, vol. 24, no. 11, pp. 770-772, Nov. 1981.
9. C. L. Lin, H. M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication," IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622-2627, Sept. 2001.
10. C. W. Lin, J. J. Shen, M. S. Hwang, "Security enhancement for optimal strong password authen tication protocol," ACM Operating System Review, vol. 37, no. 2, pp. 7-12, April 2003.
11. Microsoft TechNet: Products & Technologies/WindowsServer2003/ ProductDocumentation/Security/Authentication/Passwords/Concepts (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ windowsserver2003/proddocs/server/windows_password_tips.asp).
12. C. J. Mitchell and L. Chen, "Comments on the S/KEY user authentication scheme," ACM Operating Systems Review, vol. 30, no. 4, pp. 12-16, Oct. 1996.
13. National Institute of Standards and Technology, "Secure hash standard," FIPS Publication 180-1, April 1995.
14. M. Sandirigama, A. Shimizu and M. T. Noda, "Simple and secure password authentication protocol (SAS)," IEICE Transactions on Communications, vol. E83-B, no. 6, pp. 1363-1365, June 2000.
15. A. Shimizu, "A dynamic password authentication method by one-way function," IEICE Transactions, vol. J73-D-I, no. 7, pp. 630-636, July 1990.
16. A. Shimizu, T. Horioka and H. Inagaki, "A password authentication methods for contents communication on the internet," IEICE Transactions on Communications, vol. E81-B, no. 8, pp. 1666-1673, Aug. 1998.
17. T. Tsuji and A. Shimizu, "An impersonation attack on one-time password authentication protocol OSPA," IEICE Transactions on Communications, vol. E86-B, no. 7, pp. 2182-2185, July 2003.