Remark on the One-Time Password Authentication Protocol against Theft Attacks
نویسندگان
چکیده
Recently, Tsuji and Shimizu proposed a one-time password authentication protocol against replay and theft attacks to protect the stolen-verifier problem or other steal attacks on the Internet server. Unfortunately, in this paper, we show that their scheme is also insecure under the middle attack. Their scheme is also not secure under the middle attack. keywords: password authentication, one-time password, Internet protocol.
منابع مشابه
Biometric Authentication of Fingerprint for Banking Users, Using Stream Cipher Algorithm
Providing banking services, especially online banking and electronic payment systems, has always been associated with high concerns about security risks. In this paper, customer authentication for their transactions in electronic banking has been discussed, and a more appropriate way of using biometric fingerprint data, as well as encrypting those data in a different way, has been suggest...
متن کاملOPass: Attractive Presentation of User Authentication Protocol with Resist to Password Reuse Attacks
Passwords are the influential apparatus that tend to keep all data and information digitally safe. It is often notice that text password leftovers mostly popular over the other formats of passwords, due to the information that it is simple and convenient. However, text passwords are not always strong enough and are very easily stolen and changed under different vulnerabilities. Others can acqui...
متن کاملSecure Quantum Passwords
We propose a quantum authentication protocol that is robust against the theft of secret keys. In the protocol, disposable quantum passwords prevent impersonation attacks with stolen secret keys. The protocol also prevents the leakage of secret information of a certification agent. [email protected] [email protected]
متن کاملStrengthening Public Key Authentication Against Key Theft (Short Paper)
Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material,...
متن کاملA Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks
Phishing attack is a kind of identity theft trying to steal confidential data. Existing approaches against phishing attacks cannot prevent real-time phishing attacks. This paper proposes an Anti-Phishing Authentication (APA) technique to detect and prevent real-time phishing attacks. It uses 2-way authentication and zero-knowledge password proof. Users are recommended to customize their user in...
متن کامل