Ya-Fen Chang, Huan-Wen Chen, TingMao Chang, W. Tai
{"title":"全球移动网络漫游服务匿名双因素认证协议的安全性分析","authors":"Ya-Fen Chang, Huan-Wen Chen, TingMao Chang, W. Tai","doi":"10.1109/SNPD51163.2021.9704963","DOIUrl":null,"url":null,"abstract":"Recently, Gupta and Chaudhari proposed an anonymous two factor authentication protocol for roaming service in global mobile networks. They claimed that their scheme could not only ensure strong user anonymity, mutual authentication and perfect forward secrecy but also resist desynchronization attack, password guessing attack, replay attack, and insider attack. After analyzing their scheme, we find that it suffers from some flaws. First, the foreign agent cannot determine who the home agent is and whether the received request is for itself or not. Second, some operation cannot be executed by the home agent to record the number of authentication failure. Third, the foreign agent cannot determine whether the message received sent by the home agent is for itself or not. Fourth, a malicious user can mount parallel attack to obtain the unauthorized service. In this paper, we will show how these flaws threaten Gupta and Chaudhari’s protocol.","PeriodicalId":235370,"journal":{"name":"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security Analyses of an Anonymous Two Factor Authentication Protocol for Roaming Service in Global Mobile Networks\",\"authors\":\"Ya-Fen Chang, Huan-Wen Chen, TingMao Chang, W. Tai\",\"doi\":\"10.1109/SNPD51163.2021.9704963\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently, Gupta and Chaudhari proposed an anonymous two factor authentication protocol for roaming service in global mobile networks. They claimed that their scheme could not only ensure strong user anonymity, mutual authentication and perfect forward secrecy but also resist desynchronization attack, password guessing attack, replay attack, and insider attack. After analyzing their scheme, we find that it suffers from some flaws. First, the foreign agent cannot determine who the home agent is and whether the received request is for itself or not. Second, some operation cannot be executed by the home agent to record the number of authentication failure. Third, the foreign agent cannot determine whether the message received sent by the home agent is for itself or not. Fourth, a malicious user can mount parallel attack to obtain the unauthorized service. In this paper, we will show how these flaws threaten Gupta and Chaudhari’s protocol.\",\"PeriodicalId\":235370,\"journal\":{\"name\":\"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-11-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SNPD51163.2021.9704963\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD51163.2021.9704963","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Analyses of an Anonymous Two Factor Authentication Protocol for Roaming Service in Global Mobile Networks
Recently, Gupta and Chaudhari proposed an anonymous two factor authentication protocol for roaming service in global mobile networks. They claimed that their scheme could not only ensure strong user anonymity, mutual authentication and perfect forward secrecy but also resist desynchronization attack, password guessing attack, replay attack, and insider attack. After analyzing their scheme, we find that it suffers from some flaws. First, the foreign agent cannot determine who the home agent is and whether the received request is for itself or not. Second, some operation cannot be executed by the home agent to record the number of authentication failure. Third, the foreign agent cannot determine whether the message received sent by the home agent is for itself or not. Fourth, a malicious user can mount parallel attack to obtain the unauthorized service. In this paper, we will show how these flaws threaten Gupta and Chaudhari’s protocol.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
