Cryptanalysis on Four Two-Party Authentication Protocols
Yalin Chen, Jue-Sam Chou*, Chun-Hui Huang
TL;DR
This paper critically examines four two-party authentication protocols, revealing multiple security vulnerabilities including insider impersonation, denial-of-service, and key compromise issues, thereby highlighting the need for more robust authentication schemes.
Contribution
The paper provides a detailed cryptanalysis of four existing protocols, identifying specific weaknesses and security flaws that were previously unreported.
Findings
Bindu et al.'s protocol is vulnerable to insider impersonation.
Goriparthi et al. and Wang et al. protocols are susceptible to DoS attacks during password change.
Hölbl et al.'s protocol allows insider attacks leading to key compromise.
Abstract
In this paper, we analyze four authentication protocols of Bindu et al., Goriparthi et al., Wang et al. and H\"olbl et al.. After investigation, we reveal several weaknesses of these schemes. First, Bindu et al.'s protocol suffers from an insider impersonation attack if a malicious user obtains a lost smart card. Second, both Goriparthi et al.'s and Wang et al.'s protocols cannot withstand a DoS attack in the password change phase, i.e. an attacker can involve the phase to make user's password never be used in subsequent authentications. Third, H\"olbl et al.'s protocol is vulnerable to an insider attack since a legal but malevolent user can deduce KGC's secret key.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Authentication Protocols Security · User Authentication and Security Systems · Cryptography and Data Security