New S/Key System against Dictionary Attack : A Case Study in Casper and CSP/FDR

Il-Gon Kim, Jin-Young Choi

Abstract

The S/Key (One-Time Password) system has vulnerabilities such as the dictionary attack. In this paper, we propose a corrected S/Key system mixed with EKE to solve the man-in-the-middle attack. In addition, we specify the new S/Key system with Casper and verify its secrecy and authentication properties using CSP/FDR.



Paper Citation


in Harvard Style

Kim I. and Choi J. (2004). New S/Key System against Dictionary Attack: A Case Study in Casper and CSP/FDR. In Proceedings of the 2nd International Workshop on Verification and Validation of Enterprise Information Systems - Volume 1: VVEIS, (ICEIS 2004) ISBN 972-8865-03-1, pages 75-77. DOI: 10.5220/0002677500750077


in Bibtex Style

@conference{vveis04,
author={Il-Gon Kim and Jin-Young Choi},
title={New S/Key System against Dictionary Attack : A Case Study in Casper and CSP/FDR},
booktitle={Proceedings of the 2nd International Workshop on Verification and Validation of Enterprise Information Systems - Volume 1: VVEIS, (ICEIS 2004)},
year={2004},
pages={75-77},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002677500750077},
isbn={972-8865-03-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on Verification and Validation of Enterprise Information Systems - Volume 1: VVEIS, (ICEIS 2004)
TI - New S/Key System against Dictionary Attack : A Case Study in Casper and CSP/FDR
SN - 972-8865-03-1
AU - Kim I.
AU - Choi J.
PY - 2004
SP - 75
EP - 77
DO - 10.5220/0002677500750077