Abstract
The security of a two-party authentication protocol relies on the stored secrets of each entity are not easily compromised by adversaries. However, in the real world, hackers can always divulge the stored secrets. In this paper, we introduce the concept of the stolen-secret attack and point out that all existing secret-key based authentication protocols and password based authentication protocols suffer from this attack. We also propose two methods that defend against the stolen-secret attack. Security proof and implementation analysis are given for both methods to illustrate their soundness and usefulness.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the International Symposium on Electronic Commerce and Security, ISECS 2008 |
| Publisher | IEEE |
| Pages | 385-389 |
| Number of pages | 5 |
| ISBN (Print) | 9780769532585 |
| DOIs | |
| Publication status | Published - 3 Aug 2008 |
| Event | International Symposium on Electronic Commerce and Security, ISECS 2008 - Guangzhou, China Duration: 3 Aug 2008 → 5 Aug 2008 https://doi.org/10.1109/isecs14120.2008 |
Publication series
| Name | Proceedings of the International Symposium on Electronic Commerce and Security, ISECS 2008 |
|---|
Conference
| Conference | International Symposium on Electronic Commerce and Security, ISECS 2008 |
|---|---|
| Country/Territory | China |
| City | Guangzhou |
| Period | 3/08/08 → 5/08/08 |
| Other | Conference proceeding |
| Internet address |
UN SDGs
This output contributes to the following UN Sustainable Development Goals (SDGs)
-
SDG 16 Peace, Justice and Strong Institutions
Fingerprint
Dive into the research topics of 'Defending secret-key based authentication protocols against the stolen-secret attack'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver