Abstract
We give a critical analysis of the security properties of the S/KEY user authentication system.
- {1} L. Chen, D. Gollmann, and C. Mitchell. Tailoring authentication protocols to match underlying mechanisms. In Proceedings of the Australiasian Conference on Information Security and Privacy, June 1996. Springer-Verlag, Berlin, 1996 (to appear). Google ScholarDigital Library
- {2} L. Gong. Variations on the themes of message freshness and replay. In Proceedings: Computer Security Foundations Workshop VI, pages 131-136. IEEE Computer Society Press, Los Alamitos, California, June 1993.Google ScholarCross Ref
- {3} N. Haller. The S/KEY one-time password system. Bellcore, February 1995. Internet RFC 1760. Google ScholarDigital Library
- {4} International Organization for Standardization, Genève, Switzerland. ISO/IEC 9798- 4, Information technology -- Security techniques -- Entity authentication -- Part 4: Mechanisms using a cryptographic check function, March 1995.Google Scholar
- {5} L. Lamport. Password authentication with insecure communication. Communications of the ACM, 24:770-772, 1981. Google ScholarDigital Library
- {6} R. Rivest. The MD4 Message-Digest Algorithm. MIT Laboratory for Computer Science and RSA Data Security Inc., April 1992. Internet RFC 1320.Google Scholar
Index Terms
- Comments on the S/KEY user authentication scheme
Recommendations
Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systemsIn 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'
Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low ...
An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System
Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, ...
Comments