Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2009
IEEE
2009
IEEE
On the Security of PAS (Predicate-Based Authentication Service)
—Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we show that PAS is insecure against both brute force attack and a probabilistic attack. In particular, we show that its security against brute force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which can break part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems. Keywords-PAS; authentication; Matsumoto-Imai threat model; attack; security; usability; OTP (one-time password);
Real-time Traffic| Added | 18 May 2010 |
| Updated | 18 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | ACSAC |
| Authors | Shujun Li, Hassan Jameel Asghar, Josef Pieprzyk, Ahmad-Reza Sadeghi, Roland Schmitz, Huaxiong Wang |
Comments (0)
Researcher Info
|
