Publication:

On the Security of PAS (Predicate-Based Authentication Service)

Files

Li.1pdf.pdf (size: 350.26 KB, downloads: 449)

Date

2009

Authors

Asghar, Hassan Jameel
Pieprzyk, Josef
Sadeghi, Ahmad-Reza
Schmitz, Roland
Wang, Huaxiong

Open access publication
Open Access Green

Publication type
Contribution to conference proceedings
Publication status
Published

Published in

2009 Annual Computer Security Applications Conference. IEEE, 2009, pp. 209-218. ISBN 978-0-7695-3919-5. Available under: doi: 10.1109/ACSAC.2009.27

Abstract

Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we show that PAS is insecure against both brute force attack and a probabilistic attack. In particular, we show that its security against brute force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which can break part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems.

Subject (DDC)
004 Computer science

Keywords

authentication, Matsumoto-Imai threat model, attack, security, usability, OTP (one-time password)

Conference

2009 Annual Computer Security Applications Conference (ACSAC), 7 Dec 2009 - 11 Dec 2009, Honolulu, Hawaii, USA

Cite

ISO 690
LI, Shujun, Hassan Jameel ASGHAR, Josef PIEPRZYK, Ahmad-Reza SADEGHI, Roland SCHMITZ, Huaxiong WANG, 2009. On the Security of PAS (Predicate-Based Authentication Service). 2009 Annual Computer Security Applications Conference (ACSAC). Honolulu, Hawaii, USA, 7 Dec 2009 - 11 Dec 2009. In: 2009 Annual Computer Security Applications Conference. IEEE, 2009, pp. 209-218. ISBN 978-0-7695-3919-5. Available under: doi: 10.1109/ACSAC.2009.27
BibTex
@inproceedings{Li2009-12Secur-5986,
  year={2009},
  doi={10.1109/ACSAC.2009.27},
  title={On the Security of PAS (Predicate-Based Authentication Service)},
  isbn={978-0-7695-3919-5},
  publisher={IEEE},
  booktitle={2009 Annual Computer Security Applications Conference},
  pages={209--218},
  author={Li, Shujun and Asghar, Hassan Jameel and Pieprzyk, Josef and Sadeghi, Ahmad-Reza and Schmitz, Roland and Wang, Huaxiong}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/5986">
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/5986"/>
    <dc:creator>Pieprzyk, Josef</dc:creator>
    <dcterms:bibliographicCitation>First publ in: Proceedings : 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, 7-11 December, 2009. Los Alamitos, Calif. : IEEE Computer Society, 2009. pp. 209 - 218</dcterms:bibliographicCitation>
    <dc:contributor>Li, Shujun</dc:contributor>
    <dc:creator>Sadeghi, Ahmad-Reza</dc:creator>
    <dc:contributor>Wang, Huaxiong</dc:contributor>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5986/1/Li.1pdf.pdf"/>
    <dc:contributor>Sadeghi, Ahmad-Reza</dc:contributor>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5986/1/Li.1pdf.pdf"/>
    <dcterms:issued>2009-12</dcterms:issued>
    <dc:creator>Asghar, Hassan Jameel</dc:creator>
    <dc:creator>Wang, Huaxiong</dc:creator>
    <dc:creator>Schmitz, Roland</dc:creator>
    <dc:contributor>Pieprzyk, Josef</dc:contributor>
    <dcterms:title>On the Security of PAS (Predicate-Based Authentication Service)</dcterms:title>
    <dc:language>eng</dc:language>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:34Z</dc:date>
    <dc:contributor>Asghar, Hassan Jameel</dc:contributor>
    <dc:format>application/pdf</dc:format>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:creator>Li, Shujun</dc:creator>
    <dc:contributor>Schmitz, Roland</dc:contributor>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:34Z</dcterms:available>
    <dcterms:abstract xml:lang="eng">Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we show that PAS is insecure against both brute force attack and a probabilistic attack. In particular, we show that its security against brute force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which can break part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems.</dcterms:abstract>
  </rdf:Description>
</rdf:RDF>

University bibliography
Yes