For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Security Flaw in SAS-2 Protocol
IEICE TRANSACTIONS on Communications
Publication Date: 2005/10/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories for Communications
one-time password, security flaw, authentication protocol,
Full Text: PDF(54KB)>>
SAS-2 is an alternative of a one-time password authentication protocol SAS, and is developed in order to reduce overhead due to the use of hash functions. The idea of both algorithms is sharing a similar secret number called the verifier that allows a client to be authenticated and that is changed for each new session. However, some of the combinations proposed in  to transmit the verifier may contain a security flaw, and the insecure combination results in vulnerability to impersonation attacks.