Paper 2014/194

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Sai Raghu Talluri and Swapnoneel Roy

Abstract

In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Jiang et al., is a password-based authentication scheme which does not use smart cards. We note that this scheme is an improvement over Chen et al.'s scheme shown vulnerable to the off-line dictionary attack by Jiang et al. We perform a cryptanalysis on Jiang at al.'s improved protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack. The other protocol we consider for analysis is by Wang et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Wang et al., and require the server to compute the computationally intensive modular exponentiation are prone to the clogging attack. We suggest (another) improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Jiang et. al.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. ICACNI 2014
Keywords
cryptanalysissecret sharing.
Contact author(s)
s roy @ unf edu
History
2014-03-13: received
Short URL
https://ia.cr/2014/194
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2014/194,
      author = {Sai Raghu Talluri and Swapnoneel Roy},
      title = {Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/194},
      year = {2014},
      url = {https://eprint.iacr.org/2014/194}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.