Affiliation:
1. University of Technology Chemnitz-Zwickau, Chemnitz, Germany
Abstract
Several 3-party-based authentication protocols have been proposed, which are resistant to off-line password guessing attacks. We show that they are not resistant to a new type of attack called "undetectable on-line password guessing attack". The authentication server is not able to notice this kind of attack from the clients' (attacker's) requests, because they don't include enough information about the clients (or attacker). Either freshness or authenticity of these requests is not guaranteed. Thus the authentication server responses and leaks verifiable information for an attacker to verify his guess.
Publisher
Association for Computing Machinery (ACM)
Reference8 articles.
1. Protecting poorly chosen secrets from guessing attacks
2. Reducing risks from poorly chosen keys
3. [Schn94] B. Schneier "Applied Cryptography" New York John Wiley & Sons Inc. (1994). [Schn94] B. Schneier "Applied Cryptography" New York John Wiley & Sons Inc. (1994).
Cited by
139 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献