Robust and Simple Authentication Protocol for Secure Communication on the Web [chapter]

Eun-Jun Yoon, Woo-Hun Kim, Kee-Young Yoo
2005 Lecture Notes in Computer Science  
User authentication is an important part of security, along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, such as the Internet Web environment. In 2005, Chien-Wang-Yang (CWY) pointed out that Chien-Jan's ROSI protocol required state synchronization between the client and the server, and then its state-synchronization property was vulnerable to the Denial of Service (DoS) attack. Furthermore, they proposed an improved protocol that
more » ... the weaknesses and extended its key agreement functions, and improved the server's performance. Nevertheless, CWY's improved ROSI protocol does not provide perfect forward secrecy and is vulnerable to a Denning-Sacco attack. Accordingly, the current paper demonstrates that CWY's protocol does not provide perfect forward secrecy and is susceptible to a Denning-Sacco attack. We then present an enhanced protocol to isolate such problems.
doi:10.1007/11531371_47 fatcat:3u3jk2ivozbbjdi2hjr4bbhvxe