Security Flaw in SAS-2 Protocol

Hirohisa AMAN
Hiroshi KAI
Matu-Tarow NODA

IEICE TRANSACTIONS on Communications   Vol.E88-B    No.10    pp.4081-4082
Publication Date: 2005/10/01
Online ISSN: 
DOI: 10.1093/ietcom/e88-b.10.4081
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories for Communications
one-time password,  security flaw,  authentication protocol,  

Full Text: PDF(54KB)>>
Buy this Article

SAS-2 is an alternative of a one-time password authentication protocol SAS, and is developed in order to reduce overhead due to the use of hash functions. The idea of both algorithms is sharing a similar secret number called the verifier that allows a client to be authenticated and that is changed for each new session. However, some of the combinations proposed in [1] to transmit the verifier may contain a security flaw, and the insecure combination results in vulnerability to impersonation attacks.