Undetectable On{line Password Guessing Attacks Undetectable On-line Password Guessing Attacks
نویسندگان
چکیده
Limited distribution notes: This report has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher its distribution outside the University of Technology Chemnitz-Zwickau prior to publication should be limited to peer communications and speciic requests. After outside publication, requests should be lled only by reprints or legally obtained copies of the article. Abstract Several 3{party{based authentication protocols have been proposed, which are resistant to oo{line password guessing attacks. We show that they are not resistant to a new type of attack called \undetectable on{line password guessing attack". The authentication server is not able to notice this kind of attack from the clients' (attacker's) requests, because they don't include enough information about the clients (or attacker). Either freshness or authenticity of these requests is not guaranteed. Thus the authentication server responses and leaks veriiable information for an attacker to verify his guess.
منابع مشابه
An Improvement on Remote User Authentication Schemes Using Smart Cards
In 2010, Yeh et al. proposed two robust remote user authentication schemes using smart cards; their claims were such that their schemes defended against ID-theft attacks, reply attacks, undetectable on-line password guessing attacks, off-line password guessing attacks, user impersonation attack, server counterfeit attack and man-in-the-middle attack. In this paper, we show that Yeh et al.’s sch...
متن کاملPassword-Based Group Key Exchange Secure Against Insider Guessing Attacks
Very recently, Byun and Lee suggested two provably secure group Diffie-Hellman key exchange protocols using n participant’s distinct passwords. Unfortunately, the schemes were found to be flawed by Tang and Chen. They presented two password guessing attacks such as off-line and undetectable on-line dictionary attacks by malicious insider attacker. In this paper, we present concrete countermeasu...
متن کاملCryptanalysis on a Three Party Key Exchange Protocol-STPKE'
In the secure communication areas, three-party authenticated key exchange protocol is an important cryptographic technique. In this protocol, two clients will share a human-memorable password with a trusted server, in which two users can generate a secure session key. On the other hand the protocol should resist all types of password guessing attacks. Recently, STPKE’ protocol has been proposed...
متن کاملComments on Weaknesses in Two Group Diffie-Hellman Key Exchange Protocols
In [3], Tang presented two password guessing attacks such as off-line and undetectable on-line dictionary attacks against password-based group Diffie-Hellman key exchange protocols by Byun and Lee [2]. In this paper, we present countermeasures for two attacks by Tang.
متن کاملEfficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-...
متن کامل