University of Surrey


On the Security of PAS (Predicate-based Authentication Service)

Li, SJ, Asghar, HJ, Pieprzyk, J, Sadeghi, AR, Schmitz, R and Wang, HX (2009) On the Security of PAS (Predicate-based Authentication Service) In: 25th Annual Computer Security Applications Conference (ACSAC 2009), 2009-12-07 - 2009-12-11, Honolulu, HI, USA.

Available under License : See the attached licence file.



Recently, a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is that it resists passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we give a detailed security analysis of PAS and show that PAS is insecure against both a brute-force attack and a probabilistic attack. In particular, we show that the security of PAS against brute-force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which breaks part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Li, SJ
Asghar, HJ
Pieprzyk, J
Sadeghi, AR
Schmitz, R
Wang, HX
Date : 2009
DOI : 10.1109/ACSAC.2009.27
Contributors : Computer Society
Uncontrolled Keywords : PAS, authentication, Matsumoto-Imai threat model, attack, security, usability, OTP (one-time password), HUMAN IDENTIFICATION
Additional Information : © 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Depositing User : Symplectic Elements
Date Deposited : 24 Sep 2014 13:54
Last Modified : 31 Oct 2017 14:35
