Security analysis of secure password authentication for keystroke dynamics

Hyunsoo Song, Taekyoung Kwon

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.

Original languageEnglish
Title of host publicationKnowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings
PublisherSpringer Verlag
Pages916-923
Number of pages8
ISBN (Print)3540465359, 9783540465355
Publication statusPublished - 2006 Jan 1
Event10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006 - Bournemouth, United Kingdom
Duration: 2006 Oct 92006 Oct 11

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4251 LNAI - I
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006
CountryUnited Kingdom
CityBournemouth
Period06/10/906/10/11

Fingerprint

Password Authentication
Security Analysis
Password
Authentication
Servers
Attack
Server
Deception
Key Distribution
Strengthening
Computing

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Song, H., & Kwon, T. (2006). Security analysis of secure password authentication for keystroke dynamics. In Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings (pp. 916-923). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4251 LNAI - I). Springer Verlag.
Song, Hyunsoo ; Kwon, Taekyoung. / Security analysis of secure password authentication for keystroke dynamics. Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Springer Verlag, 2006. pp. 916-923 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{6bc6bcf2ee244bbe889e9e3d13bb15a6,
title = "Security analysis of secure password authentication for keystroke dynamics",
abstract = "Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.",
author = "Hyunsoo Song and Taekyoung Kwon",
year = "2006",
month = "1",
day = "1",
language = "English",
isbn = "3540465359",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "916--923",
booktitle = "Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings",
address = "Germany",

}

Song, H & Kwon, T 2006, Security analysis of secure password authentication for keystroke dynamics. in Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4251 LNAI - I, Springer Verlag, pp. 916-923, 10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006, Bournemouth, United Kingdom, 06/10/9.

Security analysis of secure password authentication for keystroke dynamics. / Song, Hyunsoo; Kwon, Taekyoung.

Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Springer Verlag, 2006. p. 916-923 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4251 LNAI - I).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Security analysis of secure password authentication for keystroke dynamics

AU - Song, Hyunsoo

AU - Kwon, Taekyoung

PY - 2006/1/1

Y1 - 2006/1/1

N2 - Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.

AB - Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.

UR - http://www.scopus.com/inward/record.url?scp=33750729209&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750729209&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:33750729209

SN - 3540465359

SN - 9783540465355

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 916

EP - 923

BT - Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings

PB - Springer Verlag

ER -

Song H, Kwon T. Security analysis of secure password authentication for keystroke dynamics. In Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Springer Verlag. 2006. p. 916-923. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).