Integrated key exchange protocol capable of revealing spoofing and resisting dictionary attacks
Paper
Paper/Presentation Title | Integrated key exchange protocol capable of revealing spoofing and resisting dictionary attacks |
---|---|
Presentation Type | Paper |
Authors | Lai, David (Author) and Zhang, Zhongwei (Author) |
Editors | Xue, Li, Zhou, JiangYing, Yung, Moti and Jakobsson, Markus |
Journal or Proceedings Title | Technical track Proceedings, 2nd International Conference, Applied Cryptography and Network Security ACNS 2004 |
Number of Pages | 10 |
Year | 2004 |
Place of Publication | China |
Web Address (URL) of Paper | http://www.geocities.com/acns_home/ACNS2004/ |
Conference/Event | 2nd International Conference, Applied Cryptography and Network Security ACNS 2004 |
Event Details | 2nd International Conference, Applied Cryptography and Network Security ACNS 2004 Event Date 08 to end of 11 Jun 2004 Event Location Yellow Mountain, China |
Abstract | [Abstract]: In this paper we propose a new verifier-based password authentication protocol using Dynamic Passwords. The protocol features mutual authentication, integrated session key exchange and is resistant to both dictionary attacks and replay attacks. It also reveals any successful spoofing. The protocol achieves these features by using one-way hash functions, symmetric encryption and two-part Dynamic Passwords. Dynamic Passwords break user passwords into two parts: a dynamic part and a static part. The dynamic part is similar to a one-time password, which can reveal to a legitimate user if any spoofing has occurred and makes the protocol more resistant to social engineering. The static part adds entropy to the password and makes the password more resistant to dictionary attacks. Due to the fact that verifiers are not plain-text equivalent to passwords and from which no meaningful information about passwords can be extracted, verifiers in contrast to passwords are stored in authentication servers. The protocol is most suitable for mobile users because no persistent data is stored on the user side. |
Keywords | integrated key exchange, dynamic passwords, kerberos, dictionary attack, replay attack, revealing spoofing |
ANZSRC Field of Research 2020 | 460609. Networking and communications |
Public Notes | No evidence of copyright restrictions. |
Byline Affiliations | Department of Mathematics and Computing |
https://research.usq.edu.au/item/9z2ww/integrated-key-exchange-protocol-capable-of-revealing-spoofing-and-resisting-dictionary-attacks
Download files
1903
total views280
total downloads4
views this month1
downloads this month