http://dx.doi.org/10.12673/jant.2011.15.5.722

Vulnerability Analysis on the Strong-Password Mutual Authentication Protocols  

Lee, Kyung-Roul (Soonchunhyang University)
Yim, Kang-Bin (Soonchunhyang University)
Abstract
Most services in a networked environment need authentication protocols to verify users' eligibility, and many user authentication protocols have been researched and developed for this purpose. Two of them, the SPMA and I-SPMA protocols, pointed out the lack of mutual authentication and the vulnerability to the replay attack in the prior protocols and proposed revised protocols. Nevertheless, these protocols did not address the critical problem caused when the server and the client lose synchronization on the secret information shared between them. Therefore, in this paper, we analyze the security characteristics of the existing protocols and prove the protocols' vulnerability to loss of synchronization.
Keywords
Password-based authentication; Authentication protocol; Mutual authentication; Desynchronization attack; Denial of service attack;