Authentication protocols using Hoover-Kausik's software token

Abstract

In 1999, Hoover and Kausik introduced a software token using the cryptographic camouflage technique and claimed that it can resist various on-line and off-line guessing attacks. Later, Kwon presented an authentication protocol based on the cryptographic camouflage technique and DSA, and pointed out that this initial protocol is vulnerable to an impersonation attack once a server's secret key or private key is compromised. Then, Kwon proposed a modified version that can resist such an impersonation attack by cryptographically embedding the recipient's identity in the user's signature to ensure that only the intended recipient will accept this signature. However, we find that Kwon's modified protocol still has some drawbacks. In this paper, we first demonstrate the drawbacks of Kwon's modified protocol and then propose an improved authentication protocol based on the cryptographic camouflage technique and RSA. Finally, we show that our improved protocol can provide prefect forward secrecy and can resist the off-line guessing attack, the impersonation attack, the replay attack, and the Denning-Sacco attack. Furthermore, the resistance of our improved protocol to the modification attack is also enhanced by additionally using credit-card sized CD-ROMs.