Enhancement of Password-based Mutual Authentication Protocol against De-synchronization Attacks

A Password-based Mutual Authentication Protocol Secure against De-synchronization Attacks

  • Yuk, Hyeong-Jun (육형준) (Department of Information Security Engineering, Soonchunhyang University) ;
  • Yim, Kang-Bin (임강빈) (Department of Information Security Engineering, Soonchunhyang University)
  • Received : 2013.01.23
  • Accepted : 2013.02.28
  • Published : 2013.02.28

Abstract

Authentication is one of the necessary elements in a network environment. Many studies have identified security vulnerabilities in existing authentication mechanisms and proposed secure mutual authentication protocols that resolve them. Representative examples are SPMA (Strong Pass Mutual Authentication) and I-SPMA (Improved Strong Password Mutual Authentication). However, these protocols cause a critical problem when the shared secret information is de-synchronized between the server and the client. This paper proposes a revised protocol to resolve the de-synchronization problem. Based on a security assessment of the proposed protocol, we consider it safer than the previous ones and able to effectively make a user authentication system more secure.

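User authentication is an essential element in a network environment. Among authentication protocols, SPMA (Strong Pass Mutual Authentication) and I-SPMA (Improved Strong Password Mutual Authentication) demonstrated that earlier protocols were vulnerable with respect to mutual authentication, replay attacks and similar issues, and proposed secure user authentication protocols that remedy those weaknesses. However, these protocols cause a serious problem when the information shared between the server and the user is not synchronized, and the problem is all the more serious because there is no way to recover from it. This paper therefore proposes a protocol that can recover by itself after de-synchronization, and verifies its security against the security requirements. The proposed protocol not only remedies the vulnerabilities of SPMA and I-SPMA but also addresses the vulnerability that arises on de-synchronization, which confirms that it is a more secure user authentication protocol; it is expected to be very effective when introduced into systems that use user authentication.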
