Security Analysis of Secure Password Authentication for Keystroke Dynamics
Password-based authentication and key distribution are important in today’s computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.
KeywordsDictionary Attack Password Authentication Keystroke Dynamic Password Authentication Scheme Guess Attack Password
Unable to display preview. Download preview PDF.
- 1.Bellovin, S., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 77–84 (1992)Google Scholar
- 2.Bellovin, S., Merritt, M.: Augmented encrypted key exchange: a password-based protocols secure against dictionary attacks and password-file compromise. In: ACM Conference on Computer and Communications Security, pp. 244–250 (1993)Google Scholar
- 3.Boyko, V., MacKenzie, P., Patel, S.: Provably secure password authenticated key exchange using Diffie-Hellman. In: Eurocrypt 2000, pp. 156–171 (2000)Google Scholar
- 8.Jablon, D.: Extended password key exchange protocols immune to dictionary attacks. In: WETICE 1997 Workshop on Enterprise Security, pp. 248–255 (1997)Google Scholar
- 9.Kwon, T.: Authentication and Key agreement via Memorable Passwords. In: Network and Distributed System Security Symposium Conference Proceedings (2001)Google Scholar
- 11.MacKenzie, P.: The PAK suites: Protocols for Password-Authenticated Key Exchange (2002), available from http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#Ma
- 12.Wu, T.: Secure remote password protocol. In: Network and Distributed System Security Symposium Conference Proceedings (1998)Google Scholar
- 13.IEEE P1363.2, http://grouper.ieee.org/groups/1363/passwdPK/index.html