scispace - formally typeset
Search or ask a question
Journal ArticleDOI

Limitations of challenge-response entity authentication

17 Aug 1989-Electronics Letters (IET)-Vol. 25, Iss: 17, pp 1195-1196
TL;DR: This work considers two basic versions of the challenge-response authentication protocol, and exhibits both a method of attack and a simple modification preventing such attacks.
Abstract: We consider two basic versions of the challenge-response authentication protocol, and exhibit both a method of attack and a simple modification preventing such attacks. We go on to consider three variants of the basic protocols and show that one of them is completely insecure.
Citations
More filters
Journal ArticleDOI
TL;DR: This paper analyzes three models of the key distribution, associated with the actual applications for the encryption in the hypermedia video stream, and raises up a new protocol based on the IKEV2 distribution protocol and evaluates the stability when it suffer the Man-in –the-Middle Attacks, DoS and Replay attacks.
Abstract: In the daily-real systems, protecting the data only is far less enough. The process about the generation, distribution, storage, and the revocation of the key is the core problem in the system-security consideration. If the management of the key is insecure, attackers could easily get the key used in the encryption steps to the context, leading to useless processing in the encryption no matter how secure the system be. Unlike the period of validity for the different key, the key can easily be attacked by various methods due to its distribution through the complex net links, which would bring about the threatening of the security. In this paper, we analyze three models of the key distribution, associated with the actual applications for the encryption in the hypermedia video stream. Besides, we raise up a new protocol based on the IKEV2 distribution protocol and evaluate the stability when it suffer the Man-in –the-Middle Attacks, DoS and Replay attacks.
Posted Content
TL;DR: This paper analyzes that password change phase of Yoon et al's modified scheme is still insecure and proposes a new efficient remote user authentication scheme using smart cards.
Abstract: In 2004, W. C. Ku and S. M. Chen proposed an efficient remote user authentication scheme using smart cards to solve the security problems of Chien et al.'s scheme. Recently, Hsu and Yoon et al. pointed out the security weaknesses of the Ku and Chen's scheme Furthermore, Yoon et al. also proposed a new efficient remote user authentication scheme using smart cards. Yoon et al. also modified the password change phase of Ku and Chen's scheme. This paper analyzes that password change phase of Yoon et al's modified scheme is still insecure.
Book ChapterDOI
25 Apr 2001
TL;DR: This paper manipulates ATM technology's ability to provide guarantees associated with the bandwidth and delay characteristics over a given connection to provide timing guarantees on a cryptographic protocol message, which can be used to monitor for foul play in the message delivery process.
Abstract: In this paper, we describe a method of using Asynchronous Transfer Mode (ATM) network technology to defeat attacks that rely on the opponent's ability disrupt the timely delivery of messages within a cryptographic protocol. Our method centres on ATM technology's ability to provide guarantees associated with the bandwidth and delay characteristics over a given connection. We manipulate these mechanisms to provide timing guarantees on a cryptographic protocol message, which can be used to monitor for foul play in the message delivery process. We also describe how this can be used to detect a denial of service attack.

Cites background from "Limitations of challenge-response e..."

  • ...Work by various authors [6,7,16,9,2,12,15] show the potential for such attacks on certain protocols....

    [...]

Posted Content
TL;DR: It is proved that the password change phase of Yoon et al. scheme is still insecure and is still vulnerable to parallel session attack.
Abstract: Yoon et al. proposed a new efficient remote user authentication scheme using smart cards to solve the security problems of W. C. Ku and S. M. Chen scheme. This paper reviews Yoon et al. scheme and then proves that the password change phase of Yoon et al. scheme is still insecure. This paper also proves that the Yoon et al. is still vulnerable to parallel session attack.
Proceedings ArticleDOI
21 Nov 2008
TL;DR: This work proposes an enhanced verifier-free password authentication scheme for resource-limited environments with better security strength, and finds that Wang et al.'s scheme is still vulnerable to several attacks.
Abstract: To realize secure access to multimedia anywhere, anytime, and with any devices, we need efficient authentication mechanisms suitable for resource-limited environments. Password authentication is regarded as one of the most widely used authentication mechanisms for its convenience, easy implementation, and user-friendliness. Up to now, many verifier-free password authentication schemes that can resist stolen-verifier attacks have been proposed, and each has its pros and cons. Recently, Wang et al. showed that two new verifier-free password authentication schemes are vulnerable to an off-line password guessing attack, a forgery attack, and a denial-of-service attack, and then proposed an improved scheme for the real application in resource-limited environments. Unfortunately, we find that Wang et al.'s scheme is still vulnerable to several attacks. Herein, we propose an enhanced verifier-free password authentication scheme for resource-limited environments with better security strength.
References
More filters