Impersonation Attack on Two-Gene-Relation Password Authentication Protocol (2GR)

Artigo Revisado por pares

Impersonation Attack on Two-Gene-Relation Password Authentication Protocol (2GR)

2006; Institute of Electronics, Information and Communication Engineers; Volume: E89-B; Issue: 12 Linguagem: Inglês

10.1093/ietcom/e89-b.12.3425

ISSN

1745-1345

Autores

Chia-Liang Lin, Ching-Po Hung,

Tópico(s)

User Authentication and Security Systems

Resumo

In 2004, Tsuji and Shimizu proposed a one-time password authentication protocol, named 2GR (Two-Gene-Relation password authentication protocol). The design goal of the 2GR protocol is to eliminate the stolen-verifier attack on SAS-2 (Simple And Secure password authentication protocol, ver.2) and the theft attack on ROSI (RObust and SImple password authentication protocol). Tsuji and Shimizu claimed that in the 2GR an attacker who has stolen the verifiers from the server cannot impersonate a legitimate user. This paper, however, will point out that the 2GR protocol is still vulnerable to an impersonation attack, in which any attacker can, without stealing the verifiers, masquerade as a legitimate user.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Impersonation Attack on Two-Gene-Relation Password Authentication Protocol (2GR)