密码分析的通行证

2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies Pub Date : 2014-05-08 DOI:10.1109/ICACCCT.2014.7019457

K. Marimuthu, D. Ganesh Gopal, S. Aditya, Varun Mittal

{"title":"密码分析的通行证","authors":"K. Marimuthu, D. Ganesh Gopal, S. Aditya, Varun Mittal","doi":"10.1109/ICACCCT.2014.7019457","DOIUrl":null,"url":null,"abstract":"The security of oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks proposed by H.M.Sun et al. in IEEE Transactions on Information Forensics and Security, Vol.7, No.2, April 2012 is analyzed. Upon completion of the analysis of the paper, four kinds of attacks SMS service, attacks on oPass communication links, unauthorised intruder access using the master password and Network attacks on untrusted web browser are identified in different scenarios. Thus, we proved that oPass proposed by H.M.Sun et al. is not suitable for practical application.","PeriodicalId":239918,"journal":{"name":"2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Cryptanalysis of oPass\",\"authors\":\"K. Marimuthu, D. Ganesh Gopal, S. Aditya, Varun Mittal\",\"doi\":\"10.1109/ICACCCT.2014.7019457\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The security of oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks proposed by H.M.Sun et al. in IEEE Transactions on Information Forensics and Security, Vol.7, No.2, April 2012 is analyzed. Upon completion of the analysis of the paper, four kinds of attacks SMS service, attacks on oPass communication links, unauthorised intruder access using the master password and Network attacks on untrusted web browser are identified in different scenarios. Thus, we proved that oPass proposed by H.M.Sun et al. is not suitable for practical application.\",\"PeriodicalId\":239918,\"journal\":{\"name\":\"2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies\",\"volume\":\"43 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-05-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICACCCT.2014.7019457\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICACCCT.2014.7019457","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

本文分析了H.M.Sun等人在IEEE Transactions on Information Forensics and security, Vol.7, No.2, 2012年4月提出的oPass:一种抗密码窃取和密码重用攻击的用户认证协议。在完成本文的分析后，在不同的场景下识别出四种攻击:短信服务攻击、对oPass通信链路的攻击、未经授权的入侵者使用主密码访问和对不受信任的web浏览器的网络攻击。因此，我们证明了H.M.Sun等人提出的oPass并不适合实际应用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cryptanalysis of oPass

The security of oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks proposed by H.M.Sun et al. in IEEE Transactions on Information Forensics and Security, Vol.7, No.2, April 2012 is analyzed. Upon completion of the analysis of the paper, four kinds of attacks SMS service, attacks on oPass communication links, unauthorised intruder access using the master password and Network attacks on untrusted web browser are identified in different scenarios. Thus, we proved that oPass proposed by H.M.Sun et al. is not suitable for practical application.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies

自引率

0.00%

发文量