Defending Secret-Key Based Authentication Protocols against the Stolen-Secret Attack

I
ISECS
2008
2008 International Symposium on Electronic Commerce and Security
Abstract - Defending Secret-Key Based Authentication Protocols against the Stolen-Secret Attack

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Hung-Min Sun Articles by King-Hang Wang

2008 International Symposium on Electronic Commerce and Security

August 03-August 05

ISBN: 978-0-7695-3258-5

	ASCII Text	x
	Hung-Min Sun, King-Hang Wang, "Defending Secret-Key Based Authentication Protocols against the Stolen-Secret Attack," Electronic Commerce and Security, International Symposium, pp. 385-389, 2008 International Symposium on Electronic Commerce and Security, 2008.

	BibTex	x
	@article{ 10.1109/ISECS.2008.36, author = {Hung-Min Sun and King-Hang Wang}, title = {Defending Secret-Key Based Authentication Protocols against the Stolen-Secret Attack}, journal ={Electronic Commerce and Security, International Symposium}, volume = {0}, year = {2008}, isbn = {978-0-7695-3258-5}, pages = {385-389}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISECS.2008.36}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Electronic Commerce and Security, International Symposium TI - Defending Secret-Key Based Authentication Protocols against the Stolen-Secret Attack SN - 978-0-7695-3258-5 SP385 EP389 A1 - Hung-Min Sun, A1 - King-Hang Wang, PY - 2008 KW - null VL - 0 JA - Electronic Commerce and Security, International Symposium ER -

Hung-Min Sun

King-Hang Wang

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISECS.2008.36

The security of a two-party authentication protocol relies on the stored secrets of each entity are not easily compromised by adversaries. However, in the real world, hackers can always divulge the stored secrets. In this paper, we introduce the concept of the stolen-secret attack and point out that all existing secret-key based authentication protocols and password based authentication protocols suffer from this attack. We also propose two methods that defend against the stolen-secret attack. Security proof and implementation analysis are given for both methods to illustrate their soundness and usefulness.

Citation:

Hung-Min Sun, King-Hang Wang, "Defending Secret-Key Based Authentication Protocols against the Stolen-Secret Attack," isecs, pp.385-389, 2008 International Symposium on Electronic Commerce and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.