DocumentCode
2675814
Title
Defending Secret-Key Based Authentication Protocols against the Stolen-Secret Attack
Author
Sun, Hung-Min ; Wang, King-Hang
Author_Institution
Dept. of Comput. Sci., Nat. Tsing Hua Univ., Hsinchu
fYear
2008
fDate
3-5 Aug. 2008
Firstpage
385
Lastpage
389
Abstract
The security of a two-party authentication protocol relies on the stored secrets of each entity are not easily compromised by adversaries. However, in the real world, hackers can always divulge the stored secrets. In this paper, we introduce the concept of the stolen-secret attack and point out that all existing secret-key based authentication protocols and password based authentication protocols suffer from this attack. We also propose two methods that defend against the stolen-secret attack. Security proof and implementation analysis are given for both methods to illustrate their soundness and usefulness.
Keywords
computer crime; message authentication; private key cryptography; hackers; password based authentication protocols; stolen-secret attack; two-party authentication protocol; Access protocols; Authentication; Computer security; Cryptographic protocols; File servers; National security; Public key; Public key cryptography; Resists; Smart cards;
fLanguage
English
Publisher
ieee
Conference_Titel
Electronic Commerce and Security, 2008 International Symposium on
Conference_Location
Guangzhou City
Print_ISBN
978-0-7695-3258-5
Type
conf
DOI
10.1109/ISECS.2008.36
Filename
4606092
Link To Document