Security Analysis of Password-Authenticated Key Retrieval

Security Analysis of Password-Authenticated Key Retrieval

A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, client), who has a memorable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, server) that has a private key associated with the passwor...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on dependable and secure computing 2017-09, Vol.14 (5), p.573-576
Hauptverfasser: SeongHan Shin, Kobara, Kazukuni
Format: Artikel
Sprache:eng
Schlagworte:
Authentication
Dictionaries
Generators
IEEE 1363.2
key retrieval
on-line/off-line dictionary attacks
Optical wavelength conversion
Password authentication
Passwords
Protocols
Retrieval
Security
Servers
Silicon
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, client), who has a memorable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, server) that has a private key associated with the password. In this paper, we analyze the only PAKR (named as PKRS-1) standardized in IEEE 1363.2 [9] and its multi-server system (also, [12]) by showing that any passive/ active attacker can find out the client's password and the static key with off-line dictionary attacks. This result contradicts the security claims made for PKRS-1 (see Clause 10.2 of IEEE 1363.2 [9]).
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2015.2490064