Improved Strong Password Mutual Authentication Protocol to Secure on Replay Attack

  • Kim, Jun-Sub (Dept. of Information Security Engineering, Soonchunhyang University)
  • Kwak, Jin (Dept. of Information Security Engineering, Soonchunhyang University)
  • Received : 2010.05.28
  • Accepted : 2010.06.30
  • Published : 2010.06.30

Abstract

In public networks, user authentication is an important security technology. Password-based authentication in particular is the most widely used method in distributed environments, and many authentication schemes have been proposed. One of them, the SPMA protocol, pointed out the vulnerability arising from the NSPA protocol's lack of mutual authentication and proposed a Strong Password Mutual Authentication protocol that provides mutual authentication. However, the SPMA protocol is vulnerable to replay attacks. In this paper, we analyze the SPMA protocol's vulnerability to replay attacks and propose an Improved Strong Password Mutual Authentication protocol that is secure against replay attacks while offering the same efficiency as the SPMA protocol.
