Abstract | ||
---|---|---|
Authentication of communicating entities and confidentiality of transmitted data are fundamental procedures to establish secure communications over public insecure networks. Recently, many researchers proposed a variety of authentication schemes to confirm legitimate users. Among the authentication schemes, a one-time password authentication scheme requires less computation and considers the limitations of mobile devices. The purpose of a one-time password authentication is to make it more difficult to gain unauthorized access to restricted resources. This paper discusses the security of Kuo-Lee's one-time password authentication scheme. Kuo-Lee proposed to solve the security problem based on Tsuji-scheme one-time password authentication scheme. It was claimed that their proposed scheme could withstand a replay attack, a theft attack and a modification attack. Therefore, the attacker cannot successfully impersonate the user to log into the system. However, contrary to the claim, Kuo-Lee's scheme does not achieve its main security goal to authenticate communicating entities. We show that Kuo-Lee's scheme is still insecure under a modification attack, a replay attack and an impersonation attack, in which any attacker can violate the authentication goal of the scheme without intercepting any transmitted message. We also propose a scheme that resolves the security flaws found in Kuo-Lee's scheme. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1007/978-3-642-10844-0_49 | COMMUNICATION AND NETWORKING |
Keywords | DocType | Volume |
One-time password, authentication scheme, impersonation attack | Conference | 56 |
ISSN | Citations | PageRank |
1865-0929 | 0 | 0.34 |
References | Authors | |
4 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Mijin Kim | 1 | 44 | 9.04 |
Byunghee Lee | 2 | 60 | 6.19 |
Seungjoo Kim | 3 | 939 | 84.84 |
Dongho Won | 4 | 1262 | 154.14 |