The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Protokol pengesahan diperlukan untuk penerima mesej untuk memastikan asalnya dalam persekitaran yang diedarkan. Memandangkan mereka bertukar-tukar mesej kriptografi pada permulaan komunikasi, keselamatan mereka adalah keperluan penting. Walau bagaimanapun, kebanyakan protokol telah mengalami beberapa jenis serangan. Serangan ulang tayang adalah salah satu jenis serangan tersebut. Penyerang boleh melancarkannya dengan mudah dengan memainkan semula mesej yang didengari. Selain itu, terdapat banyak jenis serangan ulang tayang manakala kebanyakan kaedah formal tidak dapat mengesannya. [3] mengklasifikasikan pelbagai jenis serangan ulangan dan mencadangkan taksonomi. Oleh itu, adalah perlu untuk mengesahkan protokol pengesahan dengan sengaja dengan taksonomi sedemikian sebagai asas. Dalam kertas kerja ini, pada mulanya, kami memberikan definisi yang jelas dan beberapa teguran mengenai serangan ulang tayang. Kedua, kami menyemak taksonomi serangan ulangan yang dibentangkan dalam [3], dan mengulas tentang kesilapan kecilnya. Akhirnya kami meneliti berdasarkan taksonomi protokol pengesahan berasaskan kata laluan, K1P, yang telah dicadangkan dalam kertas awal kami untuk melindungi rahsia lemah dengan cekap. Hasil daripada peperiksaan, kami mendapati bahawa K1P tiga hala yang ditunjukkan dalam [2] terdedah kepada salah satu serangan ulangan. Oleh itu, kami menambah baik K1P tiga hala pada keselamatan terhadap serangan ulang tayang. K1P tiga hala yang dipertingkatkan selamat terhadap serangan ulang tayang serta meneka serangan dan oleh itu ia mungkin berguna untuk perkhidmatan keselamatan pelbagai rangkaian komunikasi.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
Taekyoung KWON, Myeongho KANG, Sangjoon JUNG, Jooseok SONG, "An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks" in IEICE TRANSACTIONS on Communications,
vol. E82-B, no. 7, pp. 991-997, July 1999, doi: .
Abstract: Authentication protocols are necessary for the receiver of a message to ascertain its origin in a distributed environment. Since they exchange cryptographic messages at the beginning of communication, their security is an essential requirement. However, most of the protocols have suffered from several kinds of attacks. A replay attack is one kind of those attacks. Attackers could launch it easily by replaying an eavesdropped message. Moreover, there are many types of replay attacks while most of the formal methods are not capable of detecting them. [3] classified various kinds of replay attacks and proposed a taxonomy. Therefore, it is necessary to verify authentication protocols deliberately with such a taxonomy for a basis. In this paper, at first, we give a clear definition and several remarks on replay attacks. Secondly we review the taxonomy of replay attacks presented in [3], and comment on its minor mistake. Finally we examine on the basis of the taxonomy the password-based authentication protocol, K1P, which was proposed in our earlier papers for protecting weak secrets efficiently. As a result of the examination, we have found that three way mutual K1P shown in [2] was vulnerable to one of replay attacks. Therefore, we improve three way K1P on security against the replay attack. Improved three way K1P is secure against replay attacks as well as guessing attacks and therefore it may be useful for security services of various communication networks.
URL: https://global.ieice.org/en_transactions/communications/10.1587/e82-b_7_991/_p
Salinan
@ARTICLE{e82-b_7_991,
author={Taekyoung KWON, Myeongho KANG, Sangjoon JUNG, Jooseok SONG, },
journal={IEICE TRANSACTIONS on Communications},
title={An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks},
year={1999},
volume={E82-B},
number={7},
pages={991-997},
abstract={Authentication protocols are necessary for the receiver of a message to ascertain its origin in a distributed environment. Since they exchange cryptographic messages at the beginning of communication, their security is an essential requirement. However, most of the protocols have suffered from several kinds of attacks. A replay attack is one kind of those attacks. Attackers could launch it easily by replaying an eavesdropped message. Moreover, there are many types of replay attacks while most of the formal methods are not capable of detecting them. [3] classified various kinds of replay attacks and proposed a taxonomy. Therefore, it is necessary to verify authentication protocols deliberately with such a taxonomy for a basis. In this paper, at first, we give a clear definition and several remarks on replay attacks. Secondly we review the taxonomy of replay attacks presented in [3], and comment on its minor mistake. Finally we examine on the basis of the taxonomy the password-based authentication protocol, K1P, which was proposed in our earlier papers for protecting weak secrets efficiently. As a result of the examination, we have found that three way mutual K1P shown in [2] was vulnerable to one of replay attacks. Therefore, we improve three way K1P on security against the replay attack. Improved three way K1P is secure against replay attacks as well as guessing attacks and therefore it may be useful for security services of various communication networks.},
keywords={},
doi={},
ISSN={},
month={July},}
Salinan
TY - JOUR
TI - An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks
T2 - IEICE TRANSACTIONS on Communications
SP - 991
EP - 997
AU - Taekyoung KWON
AU - Myeongho KANG
AU - Sangjoon JUNG
AU - Jooseok SONG
PY - 1999
DO -
JO - IEICE TRANSACTIONS on Communications
SN -
VL - E82-B
IS - 7
JA - IEICE TRANSACTIONS on Communications
Y1 - July 1999
AB - Authentication protocols are necessary for the receiver of a message to ascertain its origin in a distributed environment. Since they exchange cryptographic messages at the beginning of communication, their security is an essential requirement. However, most of the protocols have suffered from several kinds of attacks. A replay attack is one kind of those attacks. Attackers could launch it easily by replaying an eavesdropped message. Moreover, there are many types of replay attacks while most of the formal methods are not capable of detecting them. [3] classified various kinds of replay attacks and proposed a taxonomy. Therefore, it is necessary to verify authentication protocols deliberately with such a taxonomy for a basis. In this paper, at first, we give a clear definition and several remarks on replay attacks. Secondly we review the taxonomy of replay attacks presented in [3], and comment on its minor mistake. Finally we examine on the basis of the taxonomy the password-based authentication protocol, K1P, which was proposed in our earlier papers for protecting weak secrets efficiently. As a result of the examination, we have found that three way mutual K1P shown in [2] was vulnerable to one of replay attacks. Therefore, we improve three way K1P on security against the replay attack. Improved three way K1P is secure against replay attacks as well as guessing attacks and therefore it may be useful for security services of various communication networks.
ER -