Security analysis of secure password authentication for keystroke dynamics

Hyunsoo Song; Taekyoung Kwon

doi:10.1007/11892960_110

Security analysis of secure password authentication for keystroke dynamics

Hyunsoo Song, Taekyoung Kwon

Graduate School of Information

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.

Original language	English
Title of host publication	Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings
Publisher	Springer Verlag
Pages	916-923
Number of pages	8
ISBN (Print)	3540465359, 9783540465355
DOIs	https://doi.org/10.1007/11892960_110
Publication status	Published - 2006
Event	10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006 - Bournemouth, United Kingdom Duration: 2006 Oct 9 → 2006 Oct 11

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4251 LNAI - I
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006
Country/Territory	United Kingdom
City	Bournemouth
Period	06/10/9 → 06/10/11

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11892960_110

Cite this

Song, H., & Kwon, T. (2006). Security analysis of secure password authentication for keystroke dynamics. In Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings (pp. 916-923). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4251 LNAI - I). Springer Verlag. https://doi.org/10.1007/11892960_110

Song, Hyunsoo ; Kwon, Taekyoung. / Security analysis of secure password authentication for keystroke dynamics. Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Springer Verlag, 2006. pp. 916-923 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{6bc6bcf2ee244bbe889e9e3d13bb15a6,

title = "Security analysis of secure password authentication for keystroke dynamics",

abstract = "Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.",

author = "Hyunsoo Song and Taekyoung Kwon",

year = "2006",

doi = "10.1007/11892960_110",

language = "English",

isbn = "3540465359",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "916--923",

booktitle = "Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings",

address = "Germany",

note = "10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006 ; Conference date: 09-10-2006 Through 11-10-2006",

}

Song, H & Kwon, T 2006, Security analysis of secure password authentication for keystroke dynamics. in Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4251 LNAI - I, Springer Verlag, pp. 916-923, 10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006, Bournemouth, United Kingdom, 06/10/9. https://doi.org/10.1007/11892960_110

Security analysis of secure password authentication for keystroke dynamics. / Song, Hyunsoo; Kwon, Taekyoung.

Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Springer Verlag, 2006. p. 916-923 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4251 LNAI - I).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Security analysis of secure password authentication for keystroke dynamics

AU - Song, Hyunsoo

AU - Kwon, Taekyoung

PY - 2006

Y1 - 2006

N2 - Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.

AB - Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including password guessing attacks. Recently, Choe and Kim proposed a new password authentication scheme for keystroke dynamics. However, in this paper, we cryptanalyze the Choe-Kim scheme and show it is vulnerable to various types of attacks such as server-deception attacks, server-impersonation attacks and password guessing attacks. We also comment on the scheme that more care must be taken when designing password-based schemes and briefly show how the standard like IEEE P1363.2 can be used for strengthening those schemes.

UR - http://www.scopus.com/inward/record.url?scp=33750729209&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750729209&partnerID=8YFLogxK

U2 - 10.1007/11892960_110

DO - 10.1007/11892960_110

M3 - Conference contribution

AN - SCOPUS:33750729209

SN - 3540465359

SN - 9783540465355

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 916

EP - 923

BT - Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings

PB - Springer Verlag

T2 - 10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006

Y2 - 9 October 2006 through 11 October 2006

ER -

Song H, Kwon T. Security analysis of secure password authentication for keystroke dynamics. In Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings. Springer Verlag. 2006. p. 916-923. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11892960_110

Security analysis of secure password authentication for keystroke dynamics

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this