http://dx.doi.org/10.13089/JKIISC.2010.20.5.81

Weaknesses of the new design of wearable token system proposed by Sun et al.  

Kim, Jung-Yoon (Sungkyunkwan University)
Choi, Hyoung-Kee (Sungkyunkwan University)
Abstract
Sun et al. proposed a new design of wearable token system for the security of mobile devices, such as notebooks and PDAs. In this paper, we show that Sun et al.'s system is vulnerable to an off-line password guessing attack and to a man-in-the-middle attack based on a known-plaintext attack. We propose an improved scheme that overcomes the weaknesses of Sun et al.'s system. The proposed protocol requires the wearable token, which has low computational ability, to perform one modular multiplication, and the mobile devices, which have sufficient computing resources, to perform modular exponentiation. Our protocol is free of the security problems that threaten Sun's system and of known vulnerabilities. That is, the proposed protocol overcomes the security problems of Sun's system with minimal overhead.
Keywords
wearable token; authentication; offline password guessing attack; man-in-the-middle attack
References
1 T. Cao and D. Lin, "Cryptanalysis of Two Password Authenticated Key Exchange Protocols Based on RSA," IEEE Communications Letters, vol. 10, no. 8, pp. 623-625, Aug. 2006.
2 C. C. Yang and R. C. Wang, "Cryptanalysis of Improvement of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks," IEICE Transactions on Communications, vol. E88-B, no. 11, pp. 4370-4372, Nov. 2005.
3 W. C. Ku, "Weaknesses and Drawbacks of a Password Authentication Scheme Using Neural Networks for Multiserver Architecture," IEEE Transactions on Neural Networks, vol. 16, no. 4, pp. 1002-1005, Jul. 2005.
4 W. Diffie and M. E. Hellman, "New Directions in Cryptography," IEEE Transactions on Information Theory, vol. IT-22, pp. 644-654, Nov. 1976.
5 J. Daemen and V. Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard, Springer-Verlag, 2002.
6 R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
7 M. D. Corner and B. D. Noble, "Zero-interaction authentication," in Proc. 8th Int'l Conf. Mobile Computing and Networking, Georgia, pp. 1-11, Sep. 2002.
8 A. J. Nicholson, M. D. Corner, and B. D. Noble, "Mobile device security using transient authentication," IEEE Trans. Mob. Comput., vol. 5, no. 11, pp. 1489-1502, Nov. 2006.
9 D. Z. Sun, J. P. Huai, J. Z. Sun, J. W. Zhang, and Z. Y. Feng, "A New Design of Wearable Token System for Mobile Device Security," IEEE Trans. Consumer Electronics, vol. 54, no. 4, pp. 1784-1789, Nov. 2008.