On the security of digest access authentication

Proc. - 14th IEEE Int. Conf. on Computational Science and Engineering, CSE 2011 and 11th Int. Symp. on Pervasive Systems, Algorithms, and Networks, I-SPA 2011 and 10th IEEE Int. Conf. on IUCC 2011

Volumn , Issue , 2011, Pages 427-434

  Liu, Fanbao ^a,b  

^a NATIONAL UNIVERSITY OF DEFENSE TECHNOLOGY   (China)

^b BEIJING UNIVERSITY OF TECHNOLOGY   (China)

Author keywords

Access Authentication; Challenge and Response; Collision Attack; Hash Function; Password Recovery

Indexed keywords

ACCESS AUTHENTICATIONS; CHALLENGE AND RESPONSE; COLLISION ATTACK; COLLISION RESISTANCE; DATA ENCRYPTION; HTTP PROTOCOLS; OFF-LINE COMPUTATION; RECOVERY ATTACKS;

COMPUTER SYSTEM RECOVERY; HASH FUNCTIONS; RECOVERY; UBIQUITOUS COMPUTING;

AUTHENTICATION;

EID: 81455135959     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSE.2011.79     Document Type: Conference Paper

References (25)

1. J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication," RFC 2617 (Draft Standard), Internet Engineering Task Force, Jun. 1999. [Online]. Available: http://www.ietf.org/rfc/rfc2617.txt
2. P. Leach and C. Newman, "Using Digest Authentication as a SASL Mechanism," RFC 2831 (Proposed Standard), Internet Engineering Task Force, May 2000. [Online]. Available: http://www.ietf.org/rfc/rfc2831.txt
3. J. Myers, "Simple Authentication and Security Layer (SASL)," RFC 2222 (Proposed Standard), Internet Engineering Task Force, Oct. 1997, obsoleted by RFCs 4422, 4752, updated by RFC 2444. [Online]. Available: http://www.ietf.org/rfc/rfc2222.txt
4. Wikipedia, "Simple Authentication and Security Layer,"available at http://en.wikipedia.org, 2011.
5. R. Rivest, "The MD5 Message-Digest Algorithm," RFC 1321 (Informational), Internet Engineering Task Force, Apr. 1992, updated by RFC 6151. [Online]. Available: http://www.ietf.org/rfc/rfc1321.txt
6. B. Preneel and P. van Oorschot, "On the Security of Two MAC Algorithms," in Advances in Cryptology - EUROCRYPT 96, ser. Lecture Notes in Computer Science, U. Maurer, Ed. Springer Berlin / Heidelberg, 1996, vol. 1070, pp. 19-32.
7. X. Wang, X. Lai, D. Feng, H. Chen, and X. Yu, "Crypt-analysis of the Hash Functions MD4 and RIPEMD," in Advances in Cryptology - EUROCRYPT 2005, ser. Lecture Notes in Computer Science, R. Cramer, Ed. Springer Berlin / Heidelberg, 2005, vol. 3494, pp. 551-551.
8. X. Wang and H. Yu, "How to Break MD5 and Other Hash Functions," in Advances in Cryptology - EUROCRYPT 2005, ser. Lecture Notes in Computer Science, R. Cramer, Ed. Springer Berlin / Heidelberg, 2005, vol. 3494, pp. 561-561.
9. X. Wang, Y. Yin, and H. Yu, "Finding Collisions in the Full SHA-1," in Advances in Cryptology - CRYPTO 2005, ser. Lecture Notes in Computer Science, V. Shoup, Ed. Springer Berlin / Heidelberg, 2005, vol. 3621, pp. 17-36.
10. V. Klima, "Tunnels in Hash Functions: MD5 Collisions Within a Minute," Cryptology ePrint Archive, Report 2006/105, 2006, http://eprint.iacr.org/.
11. G. Leurent, "Message Freedom in MD4 and MD5 Collisions: Application to APOP," in Fast Software Encryption, ser. Lecture Notes in Computer Science, A. Biryukov, Ed. Springer Berlin / Heidelberg, 2007, vol. 4593, pp. 309-328.
12. Y. Sasaki, G. Yamamoto, and K. Aoki, "Practical Password Recovery on an MD5 Challenge and Response," Cryptology ePrint Archive, Report 2007/101, 2007, http://eprint.iacr.org/.
13. Y. Sasaki, L. Wang, K. Ohta, and N. Kunihiro, "Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack," in Topics in Cryptology - CT-RSA 2008, ser. Lecture Notes in Computer Science, T. Malkin, Ed. Springer Berlin / Heidelberg, 2008, vol. 4964, pp. 1-18.
14. L. Wang, Y. Sasaki, K. Sakiyama, and K. Ohta, "Bit-Free Collision: Application to APOP Attack," in Advances in Information and Computer Security, ser. Lecture Notes in Computer Science, T. Takagi and M. Mambo, Eds. Springer Berlin / Heidelberg, 2009, vol. 5824, pp. 3-21.
15. F. Liu, Y. Liu, T. Xie, and Y. Feng, "Fast Password Recovery Attack: Application to APOP," Cryptology ePrint Archive, Report 2011/248, 2011, http://eprint.iacr.org/.
16. P. van Oorschot A.J. Menezes and S. Vanstone, Handbook of Applied Cryptography. CRC Press, 1997.
17. B. Preneel, "Cryptographic Primitives for Information Authentication - State of the Art," in State of the Art in Applied Cryptography, ser. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 1998, vol. 1528, pp. 49-104.
18. B. den Boer and A. Bosselaers, "Collisions for the compression function of MD5," in Advances in Cryptology - EUROCRYPT 93, ser. Lecture Notes in Computer Science, T. Helleseth, Ed. Springer Berlin / Heidelberg, 1994, vol. 765, pp. 293-304.
19. M. Stevens, "On Collisions for MD5," Master's thesis, TU Eindhoven, Faculty of Mathematics and Computer Science, 2007.
20. M. Stevens, A. Sotirov, J. Appelbaum, A. Lenstra, D. Molnar, D. Osvik, and B. de Weger, "Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate," in Advances in Cryptology - CRYPTO 2009, ser. Lecture Notes in Computer Science, S. Halevi, Ed. Springer Berlin / Heidelberg, 2009, vol. 5677, pp. 55-69.
21. T. Xie, D. Feng, and F. Liu, "A New Collision Differential For MD5 With Its Full Differential Path," Cryptology ePrint Archive, Report 2008/230, 2008, http://eprint.iacr.org/.
22. T. Xie, F. Liu, and D. Feng, "Could The 1-MSB Input Difference Be The Fastest Collision Attack For MD5 ?" LNCS 5479, the poster session of EUROCRYPT 2009. Cryptology ePrint Archive, Report 2008/391, 2008, http://eprint.iacr.org/.
23. T. Xie and D. Feng, "How To Find Weak Input Differences For MD5 Collision Attacks," Cryptology ePrint Archive, Report 2009/223, 2009, http://eprint.iacr.org/.
24. -, "Construct MD5 Collisions Using Just A Single Block Of Message," Cryptology ePrint Archive, Report 2010/643, 2010, http://eprint.iacr.org/.
25. Y. Yu, K. Li, W. Zhou, and P. Li, "Trust mechanisms in wireless sensor networks: Attack analysis and countermeasures,"Journal of Network and Computer Applications, vol. In Press, Corrected Proof, pp. -, 2011.