Integrated key exchange protocol capable of revealing spoofing and resisting dictionary attacks

Lai, David and Zhang, Zhongwei (2004) Integrated key exchange protocol capable of revealing spoofing and resisting dictionary attacks. In: 2nd International Conference, Applied Cryptography and Network Security ACNS 2004, 8-11 June 2004, Yellow Mountain, China.

[img]
Preview
PDF (Accepted Version)
Lai_Zhang_ACNS_2004_AV.pdf

Download (142Kb)

Abstract

[Abstract]: In this paper we propose a new verifier-based password authentication protocol using Dynamic Passwords. The protocol features mutual authentication, integrated session key exchange and is resistant to both dictionary attacks and replay attacks. It also reveals any successful spoofing. The protocol achieves these features by using one-way hash functions, symmetric encryption and two-part Dynamic Passwords. Dynamic Passwords break user passwords into two parts: a dynamic part and a static part. The dynamic part is similar to a one-time password, which can reveal to a legitimate user if any spoofing has occurred and makes the protocol more resistant to social engineering. The static part adds entropy to the password and makes the password more resistant to dictionary attacks. Due to the fact that verifiers are not plain-text equivalent to passwords and from which no meaningful information about passwords can be extracted, verifiers in contrast to passwords are stored in authentication servers. The protocol is most suitable for mobile users because no persistent data is stored on the user side.


Statistics for USQ ePrint 5674
Statistics for this ePrint Item
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: No evidence of copyright restrictions.
Depositing User: Mr David Lai
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 29 Sep 2009 02:08
Last Modified: 02 Jul 2013 23:23
Uncontrolled Keywords: integrated key exchange, dynamic passwords, kerberos, dictionary attack, replay attack, revealing spoofing
Fields of Research (FOR2008): 08 Information and Computing Sciences > 0805 Distributed Computing > 080503 Networking and Communications
Socio-Economic Objective (SEO2008): B Economic Development > 89 Information and Communication Services > 8901 Communication Networks and Services > 890199 Communication Networks and Services not elsewhere classified
URI: http://eprints.usq.edu.au/id/eprint/5674

Actions (login required)

View Item Archive Repository Staff Only