Security Analysis of Secure Password Authentication for Keystroke Dynamics

Conference paper in: Knowledge-Based Intelligent Information and Engineering Systems (KES 2006)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4251)

Abstract

Password-based authentication and key distribution are important in today's computing environment. Because passwords are easy for human users to remember, password-based systems are widely used. However, because passwords are chosen from a small space, password-based schemes are more susceptible to various attacks, including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. In this paper, we cryptanalyze the Choe-Kim scheme and show that it is vulnerable to various types of attacks, such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment that more care must be taken when designing password-based schemes, and briefly show how a standard such as IEEE P1363.2 can be used to strengthen those schemes.

This study was supported in part by a grant of the Korea Health 21 R&D Project, Ministry of Health & Welfare, Republic of Korea (0412-MI01-0416-0002).

References

  1. Bellovin, S., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 77–84 (1992)

  2. Bellovin, S., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password-file compromise. In: ACM Conference on Computer and Communications Security, pp. 244–250 (1993)

  3. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password authenticated key exchange using Diffie-Hellman. In: Eurocrypt 2000, pp. 156–171 (2000)

  4. Choe, Y., Kim, S.: Secure Password Authentication for Keystroke Dynamics. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds.) KES 2005. LNCS (LNAI), vol. 3683, pp. 317–324. Springer, Heidelberg (2005)

  5. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)

  6. Gong, L., Lomas, M., Needham, R., Saltzer, J.: Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)

  7. Jablon, D.: Strong password-only authenticated key exchange. ACM Computer Communications Review 26(5), 5–26 (1996)

  8. Jablon, D.: Extended password key exchange protocols immune to dictionary attacks. In: WETICE 1997 Workshop on Enterprise Security, pp. 248–255 (1997)

  9. Kwon, T.: Authentication and Key agreement via Memorable Passwords. In: Network and Distributed System Security Symposium Conference Proceedings (2001)

  10. MacKenzie, P.: More Efficient Password-Authenticated Key Exchange. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 361–377. Springer, Heidelberg (2001)

  11. MacKenzie, P.: The PAK suites: Protocols for Password-Authenticated Key Exchange (2002), available from http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#Ma

  12. Wu, T.: Secure remote password protocol. In: Network and Distributed System Security Symposium Conference Proceedings (1998)

  13. IEEE P1363.2, http://grouper.ieee.org/groups/1363/passwdPK/index.html

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Song, H., Kwon, T. (2006). Security Analysis of Secure Password Authentication for Keystroke Dynamics. In: Gabrys, B., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2006. Lecture Notes in Computer Science, vol 4251. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11892960_110

  • DOI: https://doi.org/10.1007/11892960_110

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46535-5

  • Online ISBN: 978-3-540-46536-2

  • eBook Packages: Computer Science, Computer Science (R0)
