Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

A Privacy-preserving Biometric Authentication Protocol Revisited

Abstract: Biometric authentication establishes the identity of an individual based on biometric templates (i.e. fingerprints, retina scans etc.). Although biometric authentication has important advantages and many applications, it also raises serious security and privacy concerns. In this parer, we investigate a privacy-preserving biometric authentication protocol that has been proposed by Bringer et al. and adopts a distributed architecture (i.e. multiple entities are involved in the authentication process). We present an attack algorithm that can be employed to mount a number of attacks on the protocol under investigation and propose an improved version of the Bringer et al. protocol that combats the presented attacks.

Security analysis and enhancements of a three-party authenticated key agreement protocol

Abstract: Three-party authenticated key agreement (3PAKA) protocol is an important cryptographic mechanism for secure communication, which allows two clients to generate a shared session key with the help of the server. Recently, Tan proposed a communication and computation-efficient 3PAKA protocol. Compared with related protocols, Tan’s protocol requires fewer rounds, lower communication cost and smaller computation cost. Tan claimed that his protocol was secure against various attacks. Unfortunately, we found that his protocol cannot withstand the key compromise impersonation attack. To improve security, we proposed a new 3PAKA protocol. Security analysis and performance analysis show our 3PAKA protocol could overcome weakness in Tan’s protocol at the cost of increasing the computational cost slightly.

Unknown Key Share Attack on STPKE' Protocol

Abstract: Three-party authenticated key exchange protocol is an important cryp- tographic technique in the secure communication areas, by which two clients, each shares a human-memorable password with a trusted server, can agree a se- cure session key. Recently, Lu and Cao proposed a simple three party password- based key exchange protocol (STPKE protocol). They claimed that their protocol is secure, efficient and practical. Unlike their claims, Kim & Choi proved that the STPKE protocol is vulnerable to Undetectable on-line password guessing at- tacks, and suggested an enhanced protocol (STPKE' protocol). In this paper, an Unknown key share attack on STPKE' protocol is demonstrated. The attack is implemented using a comprehensive set of experiments and reported. Addition- ally, the countermeasures to resist the above attack are discussed.