Security Analysis of Password-Authenticated Key Retrieval

Cited by: 6
Authors
Shin, SeongHan [1]
Kobara, Kazukuni [1]
Affiliations
[1] Natl Inst Adv Ind Sci & Technol, Informat Technol Res Inst, Tokyo 1350064, Japan
Keywords
Password authentication; key retrieval; on-line/off-line dictionary attacks; IEEE 1363.2
DOI
10.1109/TDSC.2015.2490064
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, client), who has a memorable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, server) that has a private key associated with the password. In this paper, we analyze the only PAKR (named as PKRS-1) standardized in IEEE 1363.2 [9] and its multi-server system (also, [12]) by showing that any passive/active attacker can find out the client's password and the static key with off-line dictionary attacks. This result contradicts the security claims made for PKRS-1 (see Clause 10.2 of IEEE 1363.2 [9]).
Pages: 573-576
Number of pages: 4
Related papers
16 in total
[1] [Anonymous], 2006, 117704 ISOIEC
[2] [Anonymous], 2015, RES PAPERS PASSWORD
[3] [Anonymous], 2000, 1363 IEEE COMP SOC
[4] [Anonymous], 2002, P 1 ANN PKI RES WORK
[5] [Anonymous], 2009, 13632 IEEE COMP SOC
[6] Bellovin S. M., 1992, Proceedings. 1992 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.92CH3157-5), P72, DOI 10.1109/RISP.1992.213269
[7] Bellovin S.M., 1993, CCS 93, P244
[8] Boldyreva A, 2003, LECT NOTES COMPUT SC, V2567, P31
[9] Boyen X., 2009, ASIACCS 09, P228
[10] Fang Liang., 2004, P 2004 WORKSHOP SECU, P9, DOI 10.1145/1111348.1111350