Cryptology ePrint Archive: Report 2010/165

Comment on four two-party authentication protocols

Yalin Chen1, Jue-Sam Chou2,* , Chun-Hui Huang3

Abstract: In this paper, we analyze the protocols of Bindu et al., Goriparthi et al., Wang et al. and Hölbl et al.. After analyses, we found that Bindu et al.’s protocol suffers from the insider attack if the smart card is lost, both Goriparthi et al.’s and Wang et al.’s protocols can’t withstand the DoS attack on the password change phase which makes the password invalid after the protocol run, and Hölbl et al.’s protocol is vulnerable to the insider attack since a malevolent legal user can deduce KGC’s secret key xs.

Category / Keywords: cryptographic protocols / password authentication protocol, insider attack, denial-of-service attack, smart card lost problem, mutual authentication, man-in-the-middle attack

Date: received 27 Mar 2010

Contact author: jschou at mail nhu edu tw

Available formats: PDF | BibTeX Citation

Version: 20100328:184435 (All versions of this report)

Discussion forum: Show discussion | Start new discussion