Summary
|
For Full-Text PDF, please login, if you are a member of IEICE, or go to Pay Per View on menu list, if you are a nonmember of IEICE. |
|
Security Flaw in SAS-2 Protocol Eddy CIZERON Hirohisa AMAN Hiroshi KAI Matu-Tarow NODA Publication IEICE TRANSACTIONS on Communications Vol.E88-B No.10 pp.4081-4082 Publication Date: 2005/10/01 Online ISSN: DOI: 10.1093/ietcom/e88-b.10.4081 Print ISSN: 0916-8516 Type of Manuscript: LETTER Category: Fundamental Theories for Communications Keyword: one-time password, security flaw, authentication protocol, Full Text: PDF(54KB)>>
Summary: SAS-2 is an alternative of a one-time password authentication protocol SAS, and is developed in order to reduce overhead due to the use of hash functions. The idea of both algorithms is sharing a similar secret number called the verifier that allows a client to be authenticated and that is changed for each new session. However, some of the combinations proposed in [1] to transmit the verifier may contain a security flaw, and the insecure combination results in vulnerability to impersonation attacks. | |||||
|
