http://dx.doi.org/10.13089/JKIISC.2007.17.1.67

Cryptanalysis on the Authentication Mechanism of the NateOn Messenger  

Shin, Dong-Hwi (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Choi, Youn-Sung (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Park, Sang-Joon (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Won, Dong-Ho (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Kim, Seung-Joo (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Abstract
NateOn Messenger, which has the largest number of users in Korea, supports many services such as e-mail, note, Cyworld, and SMS. In this paper, we analyse the authentication traffic that the NateOn Messenger transmits and receives. By performing a replay attack with the authentication information, we show that an attacker can be authenticated illegally. Furthermore, we show that other domestic messengers have similar security problems.
Keywords
Messenger; Replay Attack; Password;