Lai, David and Zhang, Zhongwei (2004) Integrated key exchange protocol capable of revealing spoofing and resisting dictionary attacks. In: 2nd International Conference, Applied Cryptography and Network Security ACNS 2004, 8-11 June 2004, Yellow Mountain, China.
|HTML Citation||EndNote||Dublin Core||Reference Manager|
Full text available as:
|PDF (Accepted Version) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader|
Official URL: http://www.geocities.com/acns_home/ACNS2004/
[Abstract]: In this paper we propose a new verifier-based password authentication protocol using Dynamic Passwords. The protocol features mutual authentication, integrated session key exchange and is resistant to both dictionary attacks and replay attacks. It also reveals any successful spoofing. The protocol achieves these features by using one-way hash functions, symmetric encryption and two-part Dynamic Passwords. Dynamic Passwords break user passwords into two parts: a dynamic part and a static part. The dynamic part is similar to a one-time password, which can reveal to a legitimate user if any spoofing has occurred and makes the protocol more resistant to social engineering. The static part adds entropy to the password and makes the password more resistant to dictionary attacks. Due to the fact that verifiers are not plain-text equivalent to passwords and from which no meaningful information about passwords can be extracted, verifiers in contrast to passwords are stored in authentication servers. The protocol is most suitable for mobile users because no persistent data is stored on the user side.
|Item Type:||Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)|
|Additional Information:||No evidence of copyright restrictions.|
|Uncontrolled Keywords:||integrated key exchange, dynamic passwords, kerberos, dictionary attack, replay attack, revealing spoofing|
|Fields of Research (FOR2008):||08 Information and Computing Sciences > 0805 Distributed Computing > 080503 Networking and Communications|
|Subjects:||280000 Information, Computing and Communication Sciences|
|Socio-Economic Objective (SEO2008):||B Ecomonic Development > 89 Information and Communication Services > 8901 Communication Networks and Services > 890199 Communication Networks and Services not elsewhere classified|
|Deposited On:||29 Sep 2009 12:08|
|Last Modified:||12 Aug 2011 09:33|
Archive Staff Only: edit this record