Title :
Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems
Author :
Xinyi Huang ; Xiaofeng Chen ; Jin Li ; Yang Xiang ; Li Xu
Author_Institution :
Fujian Provincial Key Lab. of Network Security & Cryptology, Fujian Normal Univ., Fuzhou, China
Abstract :
This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols.
Keywords :
cryptographic protocols; distributed processing; message authentication; smart cards; distributed systems; key establishment protocol; security threats; smart-card-based password-authenticated key agreement; Authentication; Dictionaries; Educational institutions; Protocols; Servers; Smart cards; Authentication; key exchange; offline-dictionary attack; online-dictionary attack; smart card;
Journal_Title :
Parallel and Distributed Systems, IEEE Transactions on
DOI :
10.1109/TPDS.2013.230
