Browse > Article

Formal Specification and Verification for S/KEY Against Dictionary Attack  

Kim Il-Gon (고려대학교 컴퓨터학과)
Choi Jin-Young (고려대학교 컴퓨터학과)
Abstract
S/KEY system was proposed to guard against intruder's password replay attack. But S/KEY system has vulnerability that if an attacker derive passphrase from his dictionary file, he can acquire one-time password required for user authentication. In this paper, we propose a correct S/KEY system mixed with EKE to solve the problem. Also, we specify a new S/KEY system with Casper and CSP, verify its secrecy and authentication requirements using FDR model checking tool.
Keywords
S/KEY; one-time password; passphrase; dictionary attack; EKE protocol;
Citations & Related Records
연도 인용수 순위
  • Reference
1 B. Hatch, J. Lee and G. Kurtz, Hacking Linux Exposed, McGraw-Hill, 2001
2 C. Meadows, 'The NRL Protocol Analyzer : An Overview,' Journal of Logic Programming, Vol. 26, No.2, pp. 113-131, 1994   DOI   ScienceOn
3 L. Gong, 'Java Security: Present and Near Future,' IEEE Micro, Vol. 17 No.3, pp. 14-19, 1997   DOI   ScienceOn
4 D. Jablon, 'Strong Password-Only Authenticated Key Exchange,' ACM Computer Communications Review, pp. 5-26, 1996   DOI
5 C. Mitchell, 'Automated Analysis of Cryptographic Protocols Using Murphi,' IEEE Symposium on Security and Privacy, pp. 141-153, Oakland, 1997   DOI
6 J. Clark and J. Jacob, 'A Survey of Authentication Protocol Literature: Version 1.0,' Available via http://www.win.tue.nl/ecss/downloads/c1arkjacob.pdf, 1997
7 Formal Systems (Europe) Ltd, Failure Divergence Refinement-FDR2 User Manual, 1999
8 G. Lowe, 'Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR,' Proceedings of TACAS, pp. 147-166, Germany, 1996
9 S. Bellovin, M. Merrit, 'Encrypted key exchange: password based protocols secure against dictionary attacks,' In Proc. of the Symposium on Security and Privacy, pp. 72-84, 1992   DOI
10 S. Schnedier, 'Verifying Authentication Protocols with CSP,' 10th IEEE Computer Security Foundations Workshop, pp. 3-17, Massachusetts, 1997   DOI
11 S. Schneider, 'Security Properties and CSP,' IEEE Symp. Security and Privacy, pp. 147-187, Oakland, 1996   DOI
12 G. Lowe and A. W. Roscoe, 'Using CSP to Detect Errors in the TMN Protocol,' IEEE Transactions in Software Engineering, Vol. 23, No. 10, pp. 659-669, 1997   DOI   ScienceOn
13 G. Lowe, 'Analysing Protocols Subject to Guessing Attacks,' Proceedings of the Workshop on Issues in the Theory of Security (WITS '02), pp. 53-84, 2002
14 S. Mann and E. L. Mitchell, Linux System Security: The Administrator's Guide to Open Source Security Tools, Prentice-Hall, 2000
15 P. Y. A. Ryan and S. A. Schneider, Modelling and Analysis of Security Protocols: the CSP Approach, Addison-Wesley, 2001
16 G. Lowe, 'Casper: A Compiler for the Analysis of Security Protocols,' 10th IEEE Computer Security Foundations Workshop, pp. 18-30, Massachusetts, 1997   DOI
17 C. A. R. Hoare, Communicating Sequential Processes. Prentice-Hall, 1985
18 N. Haller, 'The S/Key One-Time Password System,' 1995
19 L. Chen and C. J Mitchell, 'Comments on the S/KEY User Authentication Scheme,' ACM SIGOPS Operating Systems Review, Vol. 30, Issue 4. pp. 12-16, 1996   DOI
20 D. Song, D. Wagner and X. Tian, 'Timing Analysis of Keystrokes and SSH Timing Attacks,' 10th USENIX Security Symposium, pp. 337-352, Washington, 2001
21 N. M. Haller, 'The S/KeyTM One-Time Password System,' Proceedings of the Symposium on Network and Distributed System Security, pp. 151-157, San Diego CA, 1994
22 W. Stallings, Cryptography and Network Security: Principles and Practice, Prentice-Hall, 1998