Cryptanalysis on Four Two-Party Authentication Protocols
نویسندگان
چکیده
In this paper, we analyze four authentication protocols of Bindu et al., Goriparthi et al., Wang et al. and Holbl et al.. After investigation, we reveal several weaknesses of these schemes. First, Bindu et al.¡s protocol suffers from an insider impersonation attack if a malicious user obtains a lost smart card. Second, both Goriparthi et al.¡s and Wang et al.¡s protocols cannot withstand a DoS attack in the password change phase, i.e. an attacker can involve the phase to make user¡s password never be used in subsequent authentications. Third, Holbl et al.¡s protocol is vulnerable to an insider attack since a legal but malevolent user can deduce KGC¡s secret key. Keywordspassword authentication protocol; insider attack; denial-of-service attack; smart card lost problem; mutual authentication; man-in-the-middle attack
منابع مشابه
Cryptanalysis of Al-Riyami-Paterson's Authenticated Three Party Key Agreement Protocols
Recently, Al-Riyami and Paterson [1] proposed four authenticated tripartite key agreement protocols which make use of Weil pairing. In this paper, we show that the protocols are insecure against the man-in-the middle attack, key compromise impersonation attack and several known-key attacks.
متن کاملGame-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags
The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and ...
متن کاملCryptanalysis and improvement of two certificateless three-party authenticated key agreement protocols
Recently, two certificateless three-party authenticated key agreement protocols were proposed, and both protocols were claimed they can meet the desirable security properties including forward security, key compromise impersonation resistance and so on. Through cryptanalysis, we show that one neither meets forward security and key compromise impersonation resistance nor resists an attack by an ...
متن کاملCryptanalysis of Two ID-based Authenticated Key Agreement Protocols from Pairings
Recently, a number of ID-based two-party authenticated key agreement protocols which make of bilinear pairings have been proposed [3, 8, 12, 11, 14]. In this paper, we show that the Xie’s protocol [14] does not provide implicit key authentication and key-compromise impersonation resilience. Also, we point out the vulnerability of the Choi et al’s protocol [3] against signature forgery attacks.
متن کاملCryptanalysis of Yang-Li-Liao’s Simple Three-Party Key Exchange (S-3PAKE) Protocol
Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity aut...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1007.0060 شماره
صفحات -
تاریخ انتشار 2010