K. Marimuthu, D. Ganesh Gopal, S. Aditya, Varun Mittal
{"title":"Cryptanalysis of oPass","authors":"K. Marimuthu, D. Ganesh Gopal, S. Aditya, Varun Mittal","doi":"10.1109/ICACCCT.2014.7019457","DOIUrl":null,"url":null,"abstract":"The security of oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks proposed by H.M.Sun et al. in IEEE Transactions on Information Forensics and Security, Vol.7, No.2, April 2012 is analyzed. Upon completion of the analysis of the paper, four kinds of attacks SMS service, attacks on oPass communication links, unauthorised intruder access using the master password and Network attacks on untrusted web browser are identified in different scenarios. Thus, we proved that oPass proposed by H.M.Sun et al. is not suitable for practical application.","PeriodicalId":239918,"journal":{"name":"2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICACCCT.2014.7019457","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
The security of oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks proposed by H.M.Sun et al. in IEEE Transactions on Information Forensics and Security, Vol.7, No.2, April 2012 is analyzed. Upon completion of the analysis of the paper, four kinds of attacks SMS service, attacks on oPass communication links, unauthorised intruder access using the master password and Network attacks on untrusted web browser are identified in different scenarios. Thus, we proved that oPass proposed by H.M.Sun et al. is not suitable for practical application.
本文分析了H.M.Sun等人在IEEE Transactions on Information Forensics and security, Vol.7, No.2, 2012年4月提出的oPass:一种抗密码窃取和密码重用攻击的用户认证协议。在完成本文的分析后,在不同的场景下识别出四种攻击:短信服务攻击、对oPass通信链路的攻击、未经授权的入侵者使用主密码访问和对不受信任的web浏览器的网络攻击。因此,我们证明了H.M.Sun等人提出的oPass并不适合实际应用。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
