Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards | |
Wang, Ding ; Wang, Ping | |
2015 | |
关键词 | Password authentication Offline dictionary attack Smart card Common memory device Non-tamper resistant USER AUTHENTICATION KEY EXCHANGE SECURITY ENHANCEMENT EFFICIENT ROBUST IMPROVEMENTS PROTOCOL |
英文摘要 | The design of secure and efficient smart-card-based password authentication schemes remains a challenging problem today despite two decades of intensive research in the security community, and the current crux lies in how to achieve truly two-factor security even if the smart cards can be tampered. In this paper, we analyze two recent proposals, namely, Hsieh-Leu's scheme and Wang's PSCAV scheme. We show that, under their non-tamper-resistance assumption of the smart cards, both schemes are still prone to offline dictionary attack, in which an attacker can obtain the victim's password when getting temporary access to the victim's smart card. This indicates that compromising a single factor (i.e., the smart card) of these two schemes leads to the downfall of both factors (i.e., both the smart card and the password), thereby invalidating their claim of preserving two-factor security. Remarkably, our attack on the latter protocol, which is not captured in Wang's original protocol security model, reveals a new attacking scenario and gives rise to the strongest adversary model so far. In addition, we make the first attempt to explain why smart cards, instead of common cheap storage devices (e.g., USB sticks), are preferred in most two-factor authentication schemes for security-critical applications.; EI; CPCI-S(ISTP); wangdingg@mail.nankai.edu.cn; pwang@pku.edu.cn; 221-237; 7807 |
语种 | 英语 |
出处 | INFORMATION SECURITY (ISC 2013) |
DOI标识 | 10.1007/978-3-319-27659-5_16 |
内容类型 | 其他 |
源URL | [http://ir.pku.edu.cn/handle/20.500.11897/436857] ![]() |
专题 | 信息科学技术学院 软件与微电子学院 |
推荐引用方式 GB/T 7714 | Wang, Ding,Wang, Ping. Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards. 2015-01-01. |
个性服务 |
查看访问统计 |
相关权益政策 |
暂无数据 |
收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论