File(s) under permanent embargo
Further observations on smart-card-based password-authenticated key agreement in distributed systems
Version 2 2024-06-06, 01:57Version 2 2024-06-06, 01:57
Version 1 2014-11-25, 14:08Version 1 2014-11-25, 14:08
journal contribution
posted on 2024-06-06, 01:57 authored by X Huang, X Chen, J Li, Y Xiang, L XuThis paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols. © 2013 IEEE.
History
Journal
IEEE Transactions on Parallel and Distributed SystemsVolume
25Pagination
1767-1775Location
Piscataway, N. JPublisher DOI
ISSN
1045-9219Language
engPublication classification
C Journal article, C1 Refereed article in a scholarly journalCopyright notice
2014, IEEEIssue
7Publisher
IEEE Computer SocietyUsage metrics
Categories
Keywords
Authenticationkey exchangeoffline-dictionary attackonline-dictionary attacksmart cardScience & TechnologyTechnologyComputer Science, Theory & MethodsEngineering, Electrical & ElectronicComputer ScienceEngineeringUSER AUTHENTICATIONREMOTE AUTHENTICATIONSECURITY ENHANCEMENTSCHEMEEFFICIENTIMPROVEMENTROBUST080503 Networking and Communications890202 Application Tools and System UtilitiesSchool of Information Technology
Licence
Exports
RefWorksRefWorks
BibTeXBibTeX
Ref. managerRef. manager
EndnoteEndnote
DataCiteDataCite
NLMNLM
DCDC