Weakness Analysis and Improvement of a Gateway-Oriented Password-Based Authenticated Key Exchange Protocol
He Debiao, Chen Jianhua, Hu Jin
School of Mathematics and Statistics, Wuhan University, Wuhan, Hubei 430072, China
hedebiao@163.com

Abstract: Recently, Abdalla et al. proposed a new gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where each client shares a human-memorable password with a trusted server so that they can resort to the server for authentication when they want to establish a shared session key with the gateway. In this letter, we show that a malicious client of GPAKE is still able to gain information about the password by performing an undetectable on-line password guessing attack, and that the protocol cannot provide the implicit key confirmation. Finally, we present a countermeasure against the attack.

Key words: key exchange protocol, secure communication, password, dictionary attack

Categories: D..6;...

1. Introduction

Gateway-based authenticated key exchange (AKE) protocols are important cryptographic techniques for secure communications. Conceptually, a typical three-party password-based authenticated key exchange protocol works as follows. As a requirement, each client shares a human-memorable password with a trusted server so that they can resort to the server S for authentication when they want to establish a shared session key with the gateway. Among the various means of authentication that can be considered, the most interesting one from a practical point of view is the password-based setting, in which a simple human-memorizable secret, called a password, is used for authentication.

In 2005, Abdalla et al. proposed the first gateway-oriented password-based authenticated key exchange (GPAKE) scheme among a client, a gateway, and an authentication server [1]. Even though Abdalla et al. had proved the session key semantic security of their scheme in a formal model, Byun et al. reported an undetectable on-line guessing attack on the GPAKE protocol, where a gateway can iteratively guess a password and verify its guess without being detected by the server [2]. Byun et al. also proposed an improved scheme to eliminate the security vulnerability of Abdalla et al.'s scheme. However, Wu et al. [3] found that Byun et al.'s scheme still cannot resist the on-line undetectable guessing attack.

Very recently, Abdalla et al. [5] presented a new variant of the GPAKE scheme of Abdalla et al. []. They used Schnorr's signature [6, 7] in the new scheme in order to guarantee its security. The new scheme can withstand the attack by Byun et al. [2]. In this letter, we review Abdalla et al.'s new protocol [5], and show that it actually leaks information about the password to a malicious client and cannot provide the implicit key confirmation. In particular, we show that Abdalla et al.'s new scheme is susceptible to an undetectable on-line password guessing attack by a malicious client. We also give a countermeasure against the attack by letting the client generate a message authentication code of keying material.
2. Review of Abdalla et al.'s protocol

In this section, we review Abdalla et al.'s protocol. To illustrate the protocol clearly, we first introduce the notation used in this paper:

- $C$, $G$ and $S$ denote the client, the gateway and the trusted server, respectively.
- $pw$ denotes the password shared between $C$ and $S$.
- $ID_C$ and $ID_G$ denote the identities of $C$ and $G$, respectively.
- denotes a finite cyclic group having a generator $g$ of bit prime order $q$.
- $sk$ denotes a session key generated between the client and the gateway.
- $h_1(\cdot)$ and $h_2(\cdot)$ denote two secure hash functions, such as SHA.
- $H$ denotes a secure hash function, where H ():0,}.
- $NIZKPDL(m; g, h)$ denotes Schnorr's signature [6, 7] on the message $m$.

In Abdalla et al.'s protocol, each client shares a human-memorable password with a trusted server. When a client wants to establish a shared session key with a gateway, they resort to the trusted server to authenticate each other. Abdalla et al.'s protocol is described as follows.

Step 1: $C$ chooses two random numbers $x$ and $r$. Then $C$ computes $X = g^x \cdot H(ID_C, ID_G, pw)$ and sends $M_1 = \{ID_C, X\}$ to $G$.

Step 2: Upon receiving the message $M_1$, $G$ sends $M_2 = \{ID_C, ID_G, X\}$ to the server $S$.

Step 3: Upon receiving the message $M_2$, $S$ generates a random number $s$ and computes $\bar{X} = (X / H(ID_C, ID_G, pw))^s$, $h = g^s$ and $\pi_1 = NIZKPDL(\bar{X}; g, h)$. Then $S$ sends $M_3 = \{\bar{X}, h, \pi_1\}$ to $G$.

Step 4: When $G$ receives $M_3$, he/she generates a random number $y$ and computes $Y = h^y$, $\pi_2 = NIZKPDL(\bar{X}; g, Y)$, $K = (\bar{X})^y$, $Auth = h(ID_C, ID_G, X, Y, K)$ and the session key $sk = h(ID_C, ID_G, X, Y, K)$. Then $G$ sends $M_4 = \{ID_G, h, Y, Auth, \pi_1, \pi_2\}$ to $C$.

Step 5: After receiving $M_4$, $C$ computes $K = (Y)^x$ and checks whether $Auth$ equals $h(ID_C, ID_G, X, Y, K)$. If not, $C$ stops the session. Otherwise, $C$ checks whether both $\pi_1$ and $\pi_2$ are valid. If not, $C$ stops the session; otherwise $C$ computes the session key $sk = h(ID_C, ID_G, X, Y, K)$.

3. Security analysis

3.1. Undetectable on-line guessing attack

Due to their low entropy, password-based authenticated key exchange protocols suffer from so-called exhaustive dictionary attacks. The attacks on PAKE schemes can be classified into three types [10]:

1) Off-line dictionary attacks: an attacker uses a guessed password to verify the correctness of the password in an off-line manner. The attacker can freely guess a password and then check whether it is correct, without any limit on the number of guesses.

2) Undetectable on-line dictionary attacks: an attacker tries to verify the password in an on-line manner without being detected. That is, a failed guess is never noticed by the server and the client, and the attacker can legally and undetectably check many times in order to get sufficient information about the password.

3) Detectable on-line dictionary attacks: an attacker first guesses a password, and tries to verify the password using responses from a server in an on-line manner. A failure, however, can easily be detected by counting access failures.

In the following, we demonstrate an undetectable on-line dictionary attack against Abdalla et al.'s scheme [5], in which an adversary is able to legally gain information about the password by repeatedly and indiscernibly asking queries to the authentication server. We assume that A has total control over the communication channel between the user and the gateway, which means that he/she can insert, delete, or alter any messages in the channel. The detailed description of the attack is as follows:

Step 1: A guesses a password $pw'$ from a uniformly distributed dictionary D and computes $PW' = H(ID_C, ID_G, pw')$. A generates a random number $x$ and computes $X = g^x \cdot PW'$. Then A impersonates $C$ and sends $M_1 = \{ID_C, X\}$ to $G$.

Step 2: Upon receiving the message $M_1$, $G$ sends $M_2 = \{ID_C, ID_G, X\}$ to the server $S$.
Step 3: Upon receiving the message $M_2$, $S$ generates a random number $s$ and computes $\bar{X} = (X / H(ID_C, ID_G, pw))^s$, $h = g^s$ and $\pi_1 = NIZKPDL(\bar{X}; g, h)$. Then $S$ sends $M_3 = \{\bar{X}, h, \pi_1\}$ to $G$.

Step 4: When $G$ receives $M_3$, he/she generates a random number $y$ and computes $Y = h^y$, $\pi_2 = NIZKPDL(\bar{X}; g, Y)$, $K = (\bar{X})^y$, $Auth = h(ID_C, ID_G, X, Y, K)$ and the session key $sk = h(ID_C, ID_G, X, Y, K)$. Then $G$ sends $M_4 = \{ID_G, h, Y, Auth, \pi_1, \pi_2\}$ to $C$.

Step 5: A intercepts the message $M_4$, computes $K = (Y)^x$ and checks whether $Auth$ equals $h(ID_C, ID_G, X, Y, K)$. If it does, A has found the correct password. Otherwise, A repeats steps 1), 2), 3), 4) and 5) until the correct password is found.

It is clear that if $pw'$ equals $pw$, then $PW' = H(ID_C, ID_G, pw)$ and $Auth = h(ID_C, ID_G, X, Y, K)$, since

$$K = (\bar{X})^y = ((X / H(ID_C, ID_G, pw))^s)^y = (((g^x \cdot PW') / H(ID_C, ID_G, pw))^s)^y = (g^x)^{sy} = (g^{sy})^x = (h^y)^x = (Y)^x = K.$$

From the description of the attack, we know that Abdalla et al.'s scheme [5] does not prevent the leakage of information about the password to the malicious client A. In addition, the attack can also be used against another scheme of Abdalla et al. [].

3.2. Session-Key Problem

Following the definitions in [9], a key agreement scheme is said to provide the explicit key confirmation if one entity is assured that the second entity has actually computed the session key. The scheme provides the implicit key confirmation if one entity is assured that the second entity can compute the session key. Note that the property of implicit key confirmation does not necessarily mean that one entity is assured of the second entity actually possessing the session key. In many applications, it is highly desirable for a key agreement scheme to provide the explicit key confirmation. We can see that the scheme of Abdalla et al. [5] merely provides the implicit key confirmation, because $G$ cannot confirm that $C$ has correctly computed the session key after the log-in phase.
4. Countermeasure

The vulnerability to the undetectable on-line dictionary attack described above actually stems from an absence of message authentication in the scheme. To remedy this vulnerability, we can use the method proposed by Byun et al. [2]. First, we let a two-party password-based authenticated key exchange (2-PAKE) scheme be executed between $C$ and $S$ in order to generate a session key $sk$. Then we let $C$ create a message authentication code (MAC) of $X$ using $sk$. Then $S$ can check the validity of $X$ by checking the MAC of $X$, and so find the undetectable on-line dictionary attack. However, the execution of the 2-PAKE can heavily increase the burden on the server, the gateway and the client. So, Byun et al.'s method cannot be applied in practice.

In fact, we just let Abdalla et al.'s scheme provide the implicit key confirmation in order to eliminate the security vulnerability. We modify Abdalla et al.'s scheme [5] as follows. In our modified scheme, $G$ requires $C$ to provide the key confirmation by offering $Auth_C$. If a malicious client A carries out the undetectable on-line dictionary attack described in Section 3.1, $G$ will find the attack, since A cannot offer the correct $Auth_C$.

Step 1: $C$ chooses two random numbers $x$ and $r$. Then $C$ computes $X = g^x \cdot H(ID_C, ID_G, pw)$ and sends $M_1 = \{ID_C, X\}$ to $G$.

Step 2: Upon receiving the message $M_1$, $G$ sends $M_2 = \{ID_C, ID_G, X\}$ to the server $S$.

Step 3: Upon receiving the message $M_2$, $S$ generates a random number $s$ and computes $\bar{X} = (X / H(ID_C, ID_G, pw))^s$, $h = g^s$ and $\pi_1 = NIZKPDL(\bar{X}; g, h)$. Then $S$ sends $M_3 = \{\bar{X}, h, \pi_1\}$ to $G$.

Step 4: When $G$ receives $M_3$, he/she generates a random number $y$ and computes $Y = h^y$, $\pi_2 = NIZKPDL(\bar{X}; g, Y)$, $K = (\bar{X})^y$, and $Auth = h(ID_C, ID_G, X, Y, K)$. Then $G$ sends $M_4 = \{ID_G, h, Y, Auth, \pi_1, \pi_2\}$ to $C$.

Step 5: After receiving $M_4$, $C$ computes $K = (Y)^x$ and checks whether $Auth$ equals $h(ID_C, ID_G, X, Y, K)$. If not, $C$ stops the session. Otherwise, $C$ checks whether both $\pi_1$ and $\pi_2$ are valid. If not, $C$ stops the session; otherwise $C$ computes the session key $sk = h(ID_C, ID_G, X, Y, K)$ and $Auth_C = h(ID_C, ID_G, X, Y, K)$. Then $C$ sends the message $M_5 = \{Auth_C\}$ to $S$.

Step 6: After receiving $M_5$, $S$ checks whether $Auth_C$ equals $h(ID_C, ID_G, X, Y, K)$. If not, $S$ stops the session; otherwise $S$ computes the session key $sk = h(ID_C, ID_G, X, Y, K)$.

5. Conclusion

Very recently, Abdalla et al. [5] presented a new variant of the GPAKE scheme of Abdalla et al. []. However, we find that the new scheme is vulnerable to an undetectable on-line guessing attack and cannot provide the implicit key confirmation. We also proposed a countermeasure for the security vulnerability.

References

[1] M. Abdalla, O. Chevassut, P.-A. Fouque et al., A simple threshold authenticated key exchange from short secrets, in Proc. ASIACRYPT 2005, LNCS vol. 3788, Springer-Verlag, 2005.
[2] J. W. Byun, D. H. Lee, and J. I. Lim, Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol, IEEE Communication Letters 10 (9), 2006.
[3] T.-C. Wu, H.-Y. Chien, Comments on Gateway-Oriented Password-Based Authenticated Key Exchange Protocol, in IIH-MSP 2009, Kyoto, 2009.
[4] M. Abdalla, M. Izabachène, and D. Pointcheval, Anonymous and Transparent Gateway-based Password-Authenticated Key Exchange, in CANS '08, Hong-Kong, LNCS 5339, pp. 133-148, Springer-Verlag, 2008.
[5] Y. Ding and P. Horster, Undetectable on-line password guessing attacks, ACM Operating Systems Review, vol. 29, Apr
[6] C.-P. Schnorr, Efficient identification and signatures for smart cards, in CRYPTO '89, LNCS vol. 435, Springer, 1990.
[7] C.-P. Schnorr, Efficient signature generation by smart cards, Journal of Cryptology, 4(3):161-174, 1991.
[8] C.-I Fan and C.-L. Lei, Low-computation blind signature schemes based on quadratic residues, Electron. Lett., vol. 32, no. 17, 1996.
[9] S. Blake-Wilson and A. Menezes, Authenticated Diffie-Hellman key agreement protocols, Proc. 5th Annu. Int. Workshop SAC, S. Tavares and H. Meijer, Eds., LNCS, vol. 1556, (1999)
[10] Y. Ding and P. Horster, Undetectable on-line password guessing attacks, ACM Operating Systems Review, vol. 29, Apr. 1995.
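The following sketch is an added example, not code from the paper: it replays the message flow of Sections 2 to 4 in a toy 62-bit prime-order group to show that, on a wrong password, the original flow leaves the verifying side nothing to count, while the key-confirmation message gives it a failure it can log and rate-limit. Assumptions: the NIZKPDL proofs are omitted, the hash domain tags, group parameters, identities and word list are constructed, and the check of the client's confirmation value is placed at the gateway, which holds K.

```python
import hashlib
import hmac
import secrets

def is_prime(n):
    """Deterministic Miller-Rabin; these 12 bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=61):
    """Constructed toy parameters: first safe prime p = 2q + 1 with q > 2**bits."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = toy_group()
GEN = 4                                   # 2^2 is a square != 1, so it has prime order Q
ID_C, ID_G = b"client-1", b"gateway-1"    # constructed identities

def h(tag, *parts):
    """Hash with a domain tag; the tags are an assumption of this sketch."""
    enc = [p if isinstance(p, bytes) else str(p).encode() for p in parts]
    return hashlib.sha256(b"|".join([tag] + enc)).digest()

def H(pw):
    """Map (ID_C, ID_G, pw) into the order-Q subgroup by squaring mod P."""
    return pow(int.from_bytes(h(b"H", ID_C, ID_G, pw.encode()), "big") % P, 2, P)

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def client_m1(pw):                        # Step 1: X = g^x * H(ID_C, ID_G, pw)
    x = rand_exp()
    return x, pow(GEN, x, P) * H(pw) % P

def server_m3(X, pw):                     # Step 3: Xbar = (X / H(...))^s, h = g^s
    s = rand_exp()
    return pow(X * pow(H(pw), -1, P) % P, s, P), pow(GEN, s, P)

def gateway_m4(X, Xbar, hs):              # Step 4: Y = h^y, K = Xbar^y, Auth
    y = rand_exp()
    Y, K = pow(hs, y, P), pow(Xbar, y, P)
    return Y, K, h(b"auth-G", ID_C, ID_G, X, Y, K)

def client_m5(x, X, Y, auth_g):           # Step 5: K = Y^x, check Auth, answer
    K = pow(Y, x, P)
    ok = hmac.compare_digest(auth_g, h(b"auth-G", ID_C, ID_G, X, Y, K))
    return ok, h(b"auth-C", ID_C, ID_G, X, Y, K)

def session(real_pw, claimed_pw, key_confirmation):
    """One run; returns (client_side_match, failure_visible_to_verifier)."""
    x, X = client_m1(claimed_pw)
    Xbar, hs = server_m3(X, real_pw)
    Y, K, auth_g = gateway_m4(X, Xbar, hs)
    match, auth_c = client_m5(x, X, Y, auth_g)
    if not key_confirmation:
        return match, False               # original flow ends at M4: nothing to check
    expected = h(b"auth-C", ID_C, ID_G, X, Y, K)
    # A missing M5 (timeout) would be counted as a failure in the same way.
    return match, not hmac.compare_digest(auth_c, expected)

def audit(real_pw, claimed_pws, key_confirmation, max_failures=3):
    """Replay a series of logins and report what the verifier could log."""
    failures = 0
    for n, pw in enumerate(claimed_pws, 1):
        match, failed = session(real_pw, pw, key_confirmation)
        failures += failed
        if match:
            return {"matched": pw, "sessions": n, "failures": failures, "locked": False}
        if failures >= max_failures:
            return {"matched": None, "sessions": n, "failures": failures, "locked": True}
    return {"matched": None, "sessions": len(claimed_pws), "failures": failures, "locked": False}

if __name__ == "__main__":
    words = ["123456", "qwerty", "letmein", "dragon", "hunter2"]   # constructed
    print("original:", audit("hunter2", words, key_confirmation=False))
    print("modified:", audit("hunter2", words, key_confirmation=True))
```

With the original flow the run reports zero logged failures across all five sessions; with key confirmation the third mismatch trips the failure limit before the word list is exhausted.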
IAJIT First Online Publication
Enhancements of Three-Part Password-ased uthenticated Ke Echange Protocol Shuhua Wu 1,2,3, Kefei Chen 1, Yuefei Zhu 3 1 Department of Computer Science Engineering, Shanghai Jiao Tong Universit, Shanghai,
More informationSmart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme
Smart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme Y.. Lee Department of Security Technology and Management WuFeng niversity, hiayi, 653, Taiwan yclee@wfu.edu.tw ABSTRAT Due
More informationImproved Security in IEEE Wireless LANs
Improved Securit in IEEE 802.11 Wireless LANs FAHAD SAMAD, WAQAR MAHMOOD, ARSHAD ALI, UMAR KALIM Department of Information Technolog (NIIT) National Universit of Science & Technolog (NUST) H. # 166-A,
More informationA SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS
ISSN 1392 124X INFORMATION TECHNOLOGY AND CONTROL, 2012, Vol.41, No.1 A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS Bae-Ling Chen 1, Wen-Chung Kuo 2*, Lih-Chyau Wuu 3 1
More informationPassword Protected Smart Card and Memory Stick Authentication Against Off-Line Dictionary Attacks
Password Protected Smart ard and Memory Stick Authentication Against Off-Line Dictionary Attacks Yongge Wang UN harlotte, harlotte, N 28223, USA yonwang@uncc.edu Abstract. We study the security requirements
More informationRobust EC-PAKA Protocol for Wireless Mobile Networks
International Journal of Mathematical Analysis Vol. 8, 2014, no. 51, 2531-2537 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ijma.2014.410298 Robust EC-PAKA Protocol for Wireless Mobile Networks
More informationHash Proof Systems and Password Protocols
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale supe rieure/psl & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA
More informationPassword Based Authentication Key Exchange in the Three Party
Password Based Authentication Key Exchange in the Three Party Er.Nishi Madan¹, Er.Manvinder Singh Nayyar² ¹Assistant Professor, Computer Science & Engineering DAV University, Jalandhar, Punjab (India)
More informationOn the Security of Yoon and Yoo s Biometrics Remote User Authentication Scheme
On the Security of Yoon and Yoo s Biometrics Remote User Authentication Scheme MING LIU * Department of Tourism Management WEN-GONG SHIEH Department of Information Management Chinese Culture University
More informationPassword Protected Smart Card and Memory Stick Authentication Against Off-line Dictionary Attacks
Password Protected Smart ard and Memory Stick Authentication Against Off-line Dictionary Attacks 1 arxiv:1207.5497v1 [cs.r] 23 Jul 2012 Yongge Wang UN harlotte, harlotte, N 28223, USA {yonwang}@uncc.edu
More informationCryptanalysis and Improvement of a Dynamic ID Based Remote User Authentication Scheme Using Smart Cards
Journal of Computational Information Systems 9: 14 (2013) 5513 5520 Available at http://www.jofcis.com Cryptanalysis and Improvement of a Dynamic ID Based Remote User Authentication Scheme Using Smart
More informationSecurity Analysis of the Authentication Modules of Chinese WLAN Standard and Its Implementation Plan*
Security Analysis of the Authentication Modules of Chinese WLAN Standard and Its Implementation Plan* Xinghua Li 1,2, Jianfeng Ma 1, and SangJae Moon 2 1 Key Laboratory of Computer Networks and Information
More informationComments on four multi-server authentication protocols using smart card
Comments on four multi-server authentication protocols using smart card * Jue-Sam Chou 1, Yalin Chen 2, Chun-Hui Huang 3, Yu-Siang Huang 4 1 Department of Information Management, Nanhua University Chiayi
More informationA Smart Card Based Authentication Protocol for Strong Passwords
A Smart Card Based Authentication Protocol for Strong Passwords Chin-Chen Chang 1,2 and Hao-Chuan Tsai 2 1 Department of Computer Science and Information Engineering, Feng Chia University, Taichung, Taiwan,
More informationAuthenticated Key Agreement Without Using One-way Hash Functions Based on The Elliptic Curve Discrete Logarithm Problem
Authenticated Key Agreement Without Using One-way Hash Functions Based on The Elliptic Curve Discrete Logarithm Problem Li-Chin Huang and Min-Shiang Hwang 1 Department of Computer Science and Engineering,
More informationAn Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks
Ad Hoc & Sensor Wireless Networks, Vol. 10, pp. 361 371 Reprints available directly from the publisher Photocopying permitted by license only 2010 Old City Publishing, Inc. Published by license under the
More informationSecurity Analysis of Shim s Authenticated Key Agreement Protocols from Pairings
Security Analysis of Shim s Authenticated Key Agreement Protocols from Pairings Hung-Min Sun and Bin-san Hsieh Department of Computer Science, National sing Hua University, Hsinchu, aiwan, R.O.C. hmsun@cs.nthu.edu.tw
More informationA Simple User Authentication Scheme for Grid Computing
A Simple User Authentication Scheme for Grid Computing Rongxing Lu, Zhenfu Cao, Zhenchuai Chai, Xiaohui Liang Department of Computer Science and Engineering, Shanghai Jiao Tong University 800 Dongchuan
More informationSecurity Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement
Security Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement Young-Hwa An* * Division of Computer and Media Information Engineering, Kangnam University 111, Gugal-dong,
More informationA weakness in Sun-Chen-Hwang s three-party key agreement protocols using passwords
A weakness in Sun-Chen-Hwang s three-party key agreement protocols using passwords Junghyun Nam Seungjoo Kim Dongho Won School of Information and Communication Engineering Sungkyunkwan University 300 Cheoncheon-dong
More informationCryptanalysis of Two Password-Authenticated Key Exchange. Protocols between Clients with Different Passwords
International Mathematical Forum, 2, 2007, no. 11, 525-532 Cryptanalysis of Two Password-Authenticated Key Exchange Protocols between Clients with Different Passwords Tianjie Cao and Yongping Zhang School
More informationA Critical Analysis and Improvement of AACS Drive-Host Authentication
A Critical Analysis and Improvement of AACS Drive-Host Authentication Jiayuan Sui and Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, N2L 3G1, Canada
More informationfor Compound Authentication
Verified Contributive Channel Bindings for Compound Authentication Antoine Delignat-Lavaud, Inria Paris Joint work with Karthikeyan Bhargavan and Alfredo Pironti Motivation: Authentication Composition
More informationSecurity Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards
Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards Younghwa An Computer Media Information Engineering, Kangnam University, 111, Gugal-dong, Giheung-gu, Yongin-si,
More informationA robust smart card-based anonymous user authentication protocol for wireless communications
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2014 A robust smart card-based anonymous user authentication
More informationSecurity Flaws of Cheng et al. s Biometric-based Remote User Authentication Scheme Using Quadratic Residues
Contemporary Engineering Sciences, Vol. 7, 2014, no. 26, 1467-1473 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.49118 Security Flaws of Cheng et al. s Biometric-based Remote User Authentication
More informationOffline dictionary attack on TCG TPM weak authorisation data, and solution
Offline dictionary attack on TCG TPM weak authorisation data, and solution Liqun Chen HP Labs, UK Mark Ryan HP Labs, UK, and University of Birmingham Abstract The Trusted Platform Module (TPM) is a hardware
More informationModelling and Analysing an Identity Federation Protocol: Federated Network Providers Scenario
Modelling and Analsing an Identit Federation Protocol: Federated Network Providers Scenario Maurice H. ter Beek 1, Corrado Moiso 2, and Marinella Petrocchi 3 1 ISTI CNR, Via G. Moruzzi 1, 56124 Pisa, Ital
More informationSecure Smart Card Based Remote User Authentication Scheme for Multi-server Environment
Secure Smart Card Based Remote User Authentication Scheme for Multi-server Environment Archana P.S, Athira Mohanan M-Tech Student [Cyber Security], Sree Narayana Gurukulam College of Engineering Ernakulam,
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationAn Enhanced Dynamic Identity Based Remote User Authentication Scheme Using Smart Card without a Verification Table
An Enhanced Dynamic Identity Based Remote User Authentication Scheme Using Smart Card without a Verification Table B. Sumitra, Research Scholar, Christ University, Bangalore, India (*Corresponding Author)
More informationA modified eck model with stronger security for tripartite authenticated key exchange
A modified eck model with stronger security for tripartite authenticated key exchange Qingfeng Cheng, Chuangui Ma, Fushan Wei Zhengzhou Information Science and Technology Institute, Zhengzhou, 450002,
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationAn Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards Al-Sakib Khan Pathan and Choong Seon Hong Department of Computer Engineering, Kyung Hee University, Korea spathan@networking.khu.ac.kr
More informationOne-Time-Password-Authenticated Key Exchange
One-Time-Password-Authenticated Key Exchange Kenneth G. Paterson 1 and Douglas Stebila 2 1 Information Security Group Royal Holloway, University of London, Egham, Surrey, UK 2 Information Security Institute
More informationPassword-based authentication and key distribution protocols with perfect forward secrecy
Journal of Computer and System Sciences 72 (2006) 1002 1011 www.elsevier.com/locate/jcss Password-based authentication and key distribution protocols with perfect forward secrecy Hung-Min Sun a,, Her-Tyan
More informationA Limitation of BAN Logic Analysis on a Man-in-the-middle Attack
ISS 1746-7659, England, U Journal of Information and Computing Science Vol. 1, o. 3, 2006, pp. 131-138 Limitation of Logic nalysis on a Man-in-the-middle ttack + Shiping Yang, Xiang Li Computer Software
More informationAn Improvement on the Self-Verification Authentication Mechanism for A Mobile Satellite Communication System
Appl. Math. Inf. Sci. 8, No. 1L, 97-106 (2014) 97 Applied Mathematics & Information Sciences An International Journal http://dx.doi.org/10.12785/amis/081l13 An Improvement on the Self-Verification Authentication
More informationAnonymous Password-based Authenticated Key Exchange
Joint Research Workshop on Ubiquitous Network Security Anonymous Password-based Authenticated Key Exchange Akihiro Yamamura, Duong Quang Viet and Hidema Tanaka NICT Security Fundamentals Group 1 Motivation:
More informationA SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS
A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS Ounasser Abid 1 and Omar Khadir 2 1, 2 Laboratory of Mathematics, Cryptography and Mechanics, FSTM University Hassan II of Casablanca, Morocco
More informationOn the Security of a Certificateless Public-Key Encryption
On the Security of a Certificateless Public-Key Encryption Zhenfeng Zhang, Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080,
More informationWeaknesses of Temporal Credential-Based Mutual Authentication with a Multiple-Password Scheme for Wireless Sensor Networks
Weaknesses of Temporal Credential-Based Mutual Authentication with a Multiple-Password Scheme for Wireless Sensor Networks Younsung Choi Department of Cyber Security, Howon University, 64, 3-gil, Gunsan,
More informationAn Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings
An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings Debasis Giri and P. D. Srivastava Department of Mathematics Indian Institute of Technology, Kharagpur 721 302, India
More informationMTAT Cryptology II. Entity Authentication. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Entity Authentication Sven Laur University of Tartu Formal Syntax Entity authentication pk (sk, pk) Gen α 1 β 1 β i V pk (α 1,...,α i 1 ) α i P sk (β 1,...,β i 1 ) Is it Charlie?
More informationRemote User Authentication Scheme in Multi-server Environment using Smart Card
Remote User Authentication Scheme in Multi-server Environment using Smart Card Jitendra Kumar Tyagi A.K. Srivastava Pratap Singh Patwal ABSTRACT In a single server environment, one server is responsible
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationGroup Key Establishment Protocols
Group Key Establishment Protocols Ruxandra F. Olimid EBSIS Summer School on Distributed Event Based Systems and Related Topics 2016 July 14, 2016 Sinaia, Romania Outline 1. Context and Motivation 2. Classifications
More informationAuthenticated Key Agreement without Subgroup Element Verification
Authenticated Key Agreement without Subgroup Element Verification Taekyoung Kwon Sejong University, Seoul 143-747, Korea E-mail: tkwon@sejong.ac.kr Abstract. In this paper, we rethink the security of authenticated
More informationEfficient password authenticated key agreement using bilinear pairings
Mathematical and Computer Modelling ( ) www.elsevier.com/locate/mcm Efficient password authenticated key agreement using bilinear pairings Wen-Shenq Juang, Wei-Ken Nien Department of Information Management,
More informationAn efficient and practical solution to secure password-authenticated scheme using smart card
An efficient and practical solution to secure password-authenticated scheme using smart card R. Deepa 1, R. Prabhu M.Tech 2, PG Research scholor 1, Head of the Department 2 Dept.of Information Technology,
More informationCryptanalysis of An Advanced Temporal Credential- Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks
Cryptanalysis of An Advanced Temporal Credential- Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks Chandra Sekhar Vorugunti 1, Mrudula Sarvabhatla 2 1 Dhirubhai
More informationA New Efficient Authenticated and Key Agreement Scheme for SIP Using Digital Signature Algorithm on Elliptic Curves
Paper A New Efficient Authenticated and Key Agreement Scheme for SIP Using Digital Signature Algorithm on Elliptic Curves, Agadir, Morocco Abstract Voice over Internet Protocol (VoIP) has been recently
More informationA ROBUST AND FLEXIBLE BIOMETRICS REMOTE USER AUTHENTICATION SCHEME. Received September 2010; revised January 2011
International Journal of Innovative Computing, Information and Control ICIC International c 2012 ISSN 1349-4198 Volume 8, Number 5(A), May 2012 pp. 3173 3188 A ROBUST AND FLEXIBLE BIOMETRICS REMOTE USER
More informationThe Password Change Phase is Still Insecure
Manoj Kumar: The password change phase change is still insecure 1 The Password Change Phase is Still Insecure Manoj Kumar!"#$ %&''%% E. Mail: yamu_balyan@yahoo.co.in Abstract In 2004, W. C. Ku and S. M.
More informationKey Agreement. Guilin Wang. School of Computer Science, University of Birmingham
Key Agreement Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Motivations As we know, symmetric key encryptions are usually much more efficient than public key encryptions,
More informationInternet Research Task Force (IRTF) Category: Informational April 2017 ISSN:
Internet Research Task Force (IRTF) J. Schmidt Request for Comments: 8125 secunet Security Networks Category: Informational April 2017 ISSN: 2070-1721 Requirements for Password-Authenticated Key Agreement
More informationA secure and effective anonymous user authentication scheme for roaming service in global mobility networks
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2013 A secure and effective anonymous user authentication
More informationA Simple User Authentication Scheme for Grid Computing
International Journal of Network Security, Vol.7, No.2, PP.202 206, Sept. 2008 202 A Simple User Authentication Scheme for Grid Computing Rongxing Lu, Zhenfu Cao, Zhenchuan Chai, and Xiaohui Liang (Corresponding
More information1 Password-based Authenticated Key Exchange. 2 Game-based Security. 3 Universal Composability. 4 Language-based Authenticated Key Exchange
Outline Password-based Authenticated Key Exchange David Pointcheval Ecole Normale Supérieure 1 Password-based Authenticated Key Exchange 2 Game-based Security 3 Universal Composability PKC 2012 Darmstadt,
More informationKey Agreement Schemes
Key Agreement Schemes CSG 252 Lecture 9 November 25, 2008 Riccardo Pucella Key Establishment Problem PK cryptosystems have advantages over SK cryptosystems PKCs do not need a secure channel to establish
More informationProofs for Key Establishment Protocols
Information Security Institute Queensland University of Technology December 2007 Outline Key Establishment 1 Key Establishment 2 3 4 Purpose of key establishment Two or more networked parties wish to establish
More informationAn Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol
International Journal of Network Security, Vol.14, No.1, PP.39 46, Jan. 2012 39 An Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol Sandeep Kumar Sood Department of Computer
More informationCryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement
1 Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement Sonam Devgan Kaul, Amit K. Awasthi School of Applied Sciences, Gautam Buddha University, Greater Noida, India sonamdevgan11@gmail.com,
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationPassword Authenticated Key Exchange by Juggling
A key exchange protocol without PKI Feng Hao Centre for Computational Science University College London Security Protocols Workshop 08 Outline 1 Introduction 2 Related work 3 Our Solution 4 Evaluation
Three Party Authentication Scheme with Privacy in Telecare Medicine Information Systems
Three Party Authentication Scheme with Privacy in Telecare Medicine Information Systems Hee Joo Park * * Department of Cyber Security, Kyungil University, Kyungsan, Kyungbuk 712-701, Korea. *Orcid ID:
Improving Service Credibility in Password Authentication Peer Service
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 5, May 2014, pg.216
Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards
SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2014; 7:2405 2411 Published online 17 January 2014 in Wiley Online Library (wileyonlinelibrary.com)..951 RESEARCH ARTICLE Cryptanalysis and improvement
Station-to-Station Protocol
Station-to-Station Protocol U V b U = α a U b U b V,y V b V = α a V y V = sig V (U b V b U ) y U = sig U (V b U b V ) y U Lecture 13, Oct. 22, 2003 1 Security Properties of STS the scheme is secure against
Available online at ScienceDirect. Procedia Computer Science 78 (2016 ) 95 99
Available online at www.sciencedirect.com ScienceDirect Procedia Computer Science 78 (2016 ) 95 99 International Conference on Information Security & Privacy (ICISP2015), 11-12 December 2015, Nagpur, INDIA
The Modified Scheme is still vulnerable to the parallel Session Attack
1 The Modified Scheme is still vulnerable to the parallel Session Attack Manoj Kumar Department of Mathematics, Rashtriya Kishan (P.G.) College Shamli- Muzaffarnagar-247776 yamu_balyan@yahoo.co.in Abstract
ID protocols. Overview. Dan Boneh
ID protocols Overview The Setup sk Alg. G vk vk either public or secret User P (prover) Server V (verifier) no key exchange yes/no Applications: physical world Physical locks: (friend-or-foe) Wireless
CSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 9: Authentication Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Definition of entity authentication Solutions password-based
Security Analysis of Two Anonymous Authentication Protocols for Distributed Wireless Networks
An abridged version of this paper appears in the Proc. of the Third IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom 2005 Workshops), 8-12 March 2005, Kauai Island,
Offline dictionary attack on TCG TPM authorisation data
Offline dictionary attack on TCG TPM authorisation data Liqun Chen HP Labs, Bristol Mark D. Ryan HP Labs, Bristol University of Birmingham ASA workshop @CSF'08 June 2008 The Trusted Platform Module A hardware
Strong Password Protocols
Strong Password Protocols Strong Password Protocols Password authentication over a network Transmit password in the clear. Open to password sniffing. Open to impersonation of server. Do Diffie-Hellman
Category: Informational March Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME
Network Working Group R. Zuccherato Request for Comments: 2785 Entrust Technologies Category: Informational March 2000 Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement
CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
A New Secure Mutual Authentication Scheme with Smart Cards Using Bilinear Pairings
International Journal of Mathematical Analysis Vol. 8, 2014, no. 43, 2101-2107 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ijma.2014.48269 A New Secure Mutual Authentication Scheme with Smart
Robust Two-factor Smart Card Authentication
Robust Two-factor Smart Card Authentication Omer Mert Candan Sabanci University Istanbul, Turkey mcandan@sabanciuniv.edu Abstract Being very resilient devices, smart cards have been commonly used for two-factor
Authenticating People and Machines over Insecure Networks
Authenticating People and Machines over Insecure Networks EECE 571B Computer Security Konstantin Beznosov authenticating people objective Alice The Internet Bob Password= sesame Password= sesame! authenticate
Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
Password-Based Authenticated Key Exchange in the Three-Party Setting
Password-Based Authenticated Key Exchange in the Three-Party Setting Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval Departement d Informatique École normale supérieure 45 Rue d Ulm, 75230 Paris
Exercises with solutions, Set 3
Exercises with solutions, Set 3 EDA625 Security, 2017 Dept. of Electrical and Information Technology, Lund University, Sweden Instructions These exercises are for self-assessment so you can check your
Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
A Hash-based Strong Password Authentication Protocol with User Anonymity
International Journal of Network Security, Vol.2, No.3, PP.205 209, May 2006 (http://isrc.nchu.edu.tw/ijns/) 205 A Hash-based Strong Password Authentication Protocol with User Anonymity Kumar Mangipudi
Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
Roberto's Notes on Differential Calculus Chapter 8: Graphical analysis Section 5. Graph sketching
Roberto's Notes on Differential Calculus Chapter 8: Graphical analysis Section 5 Graph sketching What you need to know already: How to compute and interpret limits How to perform first and second derivative
Secure Password-Based Remote User Authentication Scheme with Non-tamper Resistant Smart Cards
Secure Password-Based Remote User Authentication Scheme with Non-tamper Resistant Smart Cards Ding Wang, Chun-Guang Ma, Peng Wu To cite this version: Ding Wang, Chun-Guang Ma, Peng Wu. Secure Password-Based
An Enhanced Remote User Authentication Scheme with Smart Card
International Journal of Network Security, Vol.10, No.3, PP.175 184, May 2010 175 An Enhanced Remote User Authentication Scheme with Smart Card Manoj Kumar Department of Mathematics, Rashtriya Kishan College
A Non-Exchanged Password Scheme for Password-Based Authentication in Client-Server Systems
American Journal of Applied Sciences 5 (12): 1630-1634, 2008 ISSN 1546-9239 2008 Science Publications A Non-Exchanged Password Scheme for Password-Based Authentication in Client-Server Systems 1 Shakir
Efficient Two Server Authentication and Verification Using ECC
Efficient Two Server Authentication and Verification Using ECC Seema P. Nakhate 1, Prof. R. M. Goudar 2 Department of Computer Engineering, MIT Academy of Engineering, Alandi (D), Pune, India 1 Department
Key Management and Distribution
2 and Distribution : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l10, Steve/Courses/2015/s2/css441/lectures/key-management-and-distribution.tex,
CIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
Crypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
Cryptanalysis of a timestamp-based password authentication scheme 1
Cryptanalysis of a timestamp-based password authentication scheme 1 Lizhen Yang a Kefei Chen a a Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200030, P.R.China
A New Attack with Side Channel Leakage during Exponent Recoding Computations
A New Attack with Side Channel Leakage during Exponent Recoding Computations Yasuyuki Sakai 1 and Kouichi Sakurai 2 1 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan ysakai@iss.isl.melco.co.jp
An Enhanced Remote User Authentication Scheme with Smart Card
An Enhanced Remote User Authentication Scheme with Smart Card Manoj Kumar Department of Mathematics R. K. College Shamli-Muzaffarnagar U.P.-India- 247776 E-mail: yamu balyan@yahoo.co.in Abstract In 2000,
Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator
CMSC 414 F08 Exam 1 Page 1 of 10 Name: Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator 1. [14 points] a. Are n=221 and e=3 valid numbers for RSA. Explain.