Browse > Article
http://dx.doi.org/10.12673/jkoni.2013.17.01.024

Enhancement of Password-based Mutual Authentication Protocol against De-synchronization Attacks  

Yuk, Hyeong-Jun (Department of Information Security engineering, Soonchunhyang University)
Yim, Kang-Bin (Department of Information Security engineering, Soonchunhyang University)
Publication Information
Journal of Advanced Navigation Technology / v.17, no.1, 2013 , pp. 24-32 More about this Journal
Abstract
Authentication is one of the necessary elements in the network environment. Many researches have detected security vulnerabilities to the existing authentication mechanisms and suggested secure mutual authentication protocols by resolving these vulnerabilities. The representative ones of them are SPMA(Strong Pass Mutual Authentication) and I-SPMA(Improved Strong Password Mutual Authentication). However, these protocols cause a critical problem when the shared secret information is de-synchronized between the server and the client. This paper proposes a revised protocol to resolve the de-synchronization problem. Based on a security assessment on the proposed protocol, we consider the proposed protocol is safer than the previous ones and possible to effectively make a user authentication system mre secure.
Keywords
user authentication protocol; de-synchronization Attack; mutual authentication;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 L.Lamport, "Password authentication with insecure co mmunication", Communication of ACM, vol. 24, n o. 11, pp. 770-772, Nov. 1981.   DOI   ScienceOn
2 A. Shimizu, "A dynamic password authentication meth od by one-way function", IEICE Transactions on Communications, vol. J73-D-1, no. 7, pp. 630-636, Jul. 1990.
3 A. Shimizu, "A dynamic password authentication meth od by one-way function", System and Computers in Japan, vol. 22, no. 7, pp. 32-40, Jul. 1991.   DOI
4 A. Simizu, T. Horioka, and H. Inagaki, "A password authentication method for contents communication on the internet", IEICE Transactions on Communica tions, vol. E81-B, no. 8, pp. 1666-1673, Aug. 1998.
5 M. Sandirigame, A. Shimizu, and M.T. Noda, "Simple and secure password authentication protocol", IEIC E Transactions on Communications, vol. E83-B, no. 6, pp. 1363-1365, Jun. 2000.
6 C. L. Lin, H. M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication", IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622-2627, Sep. 2001.
7 C. W. Lin, J. J. Shen, and M. S. Hwang, "Security enhancement for optimal strong-password authentic ation protocol", ACM SIGOPS Operating System Review, vol. 37, no. 2, pp. 7-12, Apr. 2003.   DOI   ScienceOn
8 C. W. Lin, C. S. Tsai, and M. S. Hwang, "A new strong-password authentication scheme using one-w ay hash functions", Journal of Computer and System s Sciences International, vol. 45, no. 4, pp. 623-626, Jan. 2006.   DOI   ScienceOn
9 Eun-Jun Yoon, You-Sik Hong, Cheon-Shik Kim, Kee- Young Yoo, "Strong Password Mutual Authenticati on Protocol", The Institute of Electronics Engineers of Korea, 46-CI(1), pp. 11-19, Jan. 2009.
10 Jun-sub kim, Jin Kwak, "Improved Strong Password Mutual Athentication Protocol to Secure on Replay Attack", The Korea Navigation Institute, 14(3), pp. 415-425, Jun. 2010.
11 Kyung-Roul Lee, Kang-Bin Yim, "Vulnerability Anal ysis on the Strong-Password Mutual Authentication Protocols", The Korea Navigation Institute, 15(5), pp.722-728, Oct. 2011.