Research Repository

Security Analysis of Yang et al.'s Practical Password-Based Two-Server Authentication and Key Exchange Systems

Yi, Xun (2010) Security Analysis of Yang et al.'s Practical Password-Based Two-Server Authentication and Key Exchange Systems. In: 2010 Fourth International Conference on Network and System Security (NSS 2010) : 1-3 September 2010, Melbourne, Australia, proceedings. Xiang, Yang and Samarati, Pierangela and Hu, Jiankun and Zhou, Wanlei and Sadeghi, Ahmad-Reza, eds. IEEE, Piscataway, NJ, pp. 574-578.

Full text for this resource is not available from the Research Repository.

Abstract

Typical protocols for password-based authentication assume a single server which stores all the passwords necessary to authenticate users. If the server is compromised, user passwords are disclosed. To address this issue, Yang et al. proposed a practical password-based two-server authentication and key exchange protocol, where a front-end server, keeping one share of a password, and a back-end server, holding another share of the password, cooperate in authenticating a user and, meanwhile, establishing a secret key with the user. In this paper, we present two "half-online and half-offline" attacks on Yang et al.'s protocol. By these attacks, user passwords can be determined once the back-end server is compromised. Therefore, Yang et al.'s protocol has no essential difference from a password-based single-server authentication protocol.

Item Type: Book Section
ISBN: 9781424484843 (print), 9780769541594 (online)
Uncontrolled Keywords: ResPubID19576, cryptographic protocols, message authentication, encryptions, key exchange system, password-based two-server authentication, security analysis, authentication, communication channels, dictionaries, equations, protocols, servers
Subjects: FOR Classification > 0804 Data Format
Faculty/School/Research Centre/Department > School of Engineering and Science
Depositing User: VUIR
Date Deposited: 19 Jun 2013 05:32
Last Modified: 19 Jun 2013 05:32
URI: http://vuir.vu.edu.au/id/eprint/10184
DOI: 10.1109/NSS.2010.97
Citations in Scopus: 0
