Security Analysis of Yang et al.s' Practical Password-Based Two-Server Authentication and Key Exchange Systems

Full text for this resource is not available from the Research Repository.

Yi, Xun (2010) Security Analysis of Yang et al.s' Practical Password-Based Two-Server Authentication and Key Exchange Systems. In: 2010 Fourth International Conference on Network and System Security (NSS 2010) : 1-3 September 2010, Melbourne, Australia, proceedings. Xiang, Yang, Samarati, Pierangela, Hu, Jiankun, Zhou, Wanlei and Sadeghi, Ahmad-Reza, eds. IEEE, Piscataway, NJ, pp. 574-578.


Typical protocols for password-based authentication assumes a single server which stores all the passwords necessary to authenticate users. If the server is compromised, user passwords are disclosed. To address this issue, Yang et al. proposed a practical password-based two-server authentication and key exchange protocol, where a front-end server, keeping one share of a password, and a back-end server, holding another share of the password, cooperate in authenticating a user and, meanwhile, establishing a secret key with the user. In this paper, we present two ``half-online and half-offline'' attacks to Yang et al.'s protocol. By these attacks, user passwords can be determined once the back-end server is compromised. Therefore, Yang et al.'s protocol has no essential difference from a password-based single-server authentication protocol.

Dimensions Badge

Altmetric Badge

Item type Book Section
DOI 10.1109/NSS.2010.97
Official URL
ISBN 9781424484843 (print), 9780769541594 (online)
Subjects Historical > FOR Classification > 0804 Data Format
Historical > Faculty/School/Research Centre/Department > School of Engineering and Science
Keywords ResPubID19576, cryptographic protocols, message authentication, encryptions, key exchange system, password-based two-server authentication, security analysis, authentication, communication channels, dictionaries, equations, protocols, servers
Citations in Scopus 0 - View on Scopus
Download/View statistics View download statistics for this item

Search Google Scholar

Repository staff login