DocumentCode :
3089419
Title :
Security Analysis of Yang et al.´s Practical Password-Based Two-Server Authentication and Key Exchange System
Author :
Yi, Xun
Author_Institution :
Sch. of Eng. & Sci., Victoria Univ., Melbourne, VIC, Australia
fYear :
2010
fDate :
1-3 Sept. 2010
Firstpage :
574
Lastpage :
578
Abstract :
Typical protocols for password-based authentication assumes a single server which stores all the passwords necessary to authenticate users. If the server is compromised, user passwords are disclosed. To address this issue, Yang et al. proposed a practical password-based two-server authentication and key exchange protocol, where a front-end server, keeping one share of a password, and a back-end server, holding another share of the password, cooperate in authenticating a user and, meanwhile, establishing a secret key with the user. In this paper, we present two ``half-online and half-offline´´ attacks to Yang et al.´s protocol. By these attacks, user passwords can be determined once the back-end server is compromised. Therefore, Yang et al.´s protocol has no essential difference from a password-based single-server authentication protocol.
Keywords :
cryptographic protocols; message authentication; key exchange system; password-based two-server authentication; security analysis; Authentication; Communication channels; Dictionaries; Equations; Protocols; Servers;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Network and System Security (NSS), 2010 4th International Conference on
Conference_Location :
Melbourne, VIC
Print_ISBN :
978-1-4244-8484-3
Electronic_ISBN :
978-0-7695-4159-4
Type :
conf
DOI :
10.1109/NSS.2010.97
Filename :
5635942
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3089419
بازگشت