On the Security of PAS (Predicate-based Authentication Service)
Li, SJ, Asghar, HJ, Pieprzyk, J, Sadeghi, AR, Schmitz, R and Wang, HX (2009) On the Security of PAS (Predicate-based Authentication Service). In: 25th Annual Computer Security Applications Conference (ACSAC 2009), 2009-12-07 - 2009-12-11, Honolulu, HI, USA.
Text: ACSAC2009.pdf (358kB). Available under License: See the attached licence file.
Text (licence): SRI_deposit_agreement.pdf (33kB).
Abstract
Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we give a detailed security analysis of PAS and show that PAS is insecure against both brute force attack and a probabilistic attack. In particular we show that PAS security against brute force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which breaks part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems.
Item Type: | Conference or Workshop Item (Conference Paper)
---|---
Divisions: | Faculty of Engineering and Physical Sciences > Computing Science
Date: | 2009
DOI: | 10.1109/ACSAC.2009.27
Uncontrolled Keywords: | PAS, authentication, Matsumoto-Imai threat model, attack, security, usability, OTP (one-time password), HUMAN IDENTIFICATION
Additional Information: | © 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Depositing User: | Symplectic Elements
Date Deposited: | 24 Sep 2014 13:54
Last Modified: | 31 Oct 2017 14:35
URI: | http://epubs.surrey.ac.uk/id/eprint/532447