Security Flaw in SAS-2 Protocol

Eddy CIZERON, Hirohisa AMAN, Hiroshi KAI, Matu-Tarow NODA

Publication
IEICE TRANSACTIONS on Communications   Vol.E88-B   No.10   pp.4081-4082
Publication Date: 2005/10/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories for Communications
Keyword: one-time password, security flaw, authentication protocol


Summary: 
SAS-2 is an alternative to the one-time password authentication protocol SAS, developed to reduce the overhead due to the use of hash functions. Both algorithms are based on sharing a similar secret number, called the verifier, which allows a client to be authenticated and which is changed for each new session. However, some of the combinations proposed in [1] to transmit the verifier may contain a security flaw, and the insecure combination results in vulnerability to impersonation attacks.