In 2004, Tsuji and Shimizu proposed a one-time password authentication protocol, named 2GR (Two-Gene-Relation password authentication protocol). The design goal of the 2GR protocol is to eliminate the stolen-verifier attack on SAS-2 (Simple And Secure password authentication protocol, ver.2) and the theft attack on ROSI (RObust and SImple password authentication protocol). Tsuji and Shimizu claimed that in the 2GR an attacker who has stolen the verifiers from the server cannot impersonate a legitimate user. This paper, however, will point out that the 2GR protocol is still vulnerable to an impersonation attack, in which any attacker can, without stealing the verifiers, masquerade as a legitimate user.
Chun-Li LIN, Ching-Po HUNG, "Impersonation Attack on Two-Gene-Relation Password Authentication Protocol (2GR)" in IEICE TRANSACTIONS on Communications, vol. E89-B, no. 12, pp. 3425-3427, December 2006, doi: 10.1093/ietcom/e89-b.12.3425.
URL: https://global.ieice.org/en_transactions/communications/10.1093/ietcom/e89-b.12.3425/_p
@ARTICLE{e89-b_12_3425,
author={Chun-Li LIN and Ching-Po HUNG},
journal={IEICE TRANSACTIONS on Communications},
title={Impersonation Attack on Two-Gene-Relation Password Authentication Protocol (2GR)},
year={2006},
volume={E89-B},
number={12},
pages={3425-3427},
keywords={},
doi={10.1093/ietcom/e89-b.12.3425},
ISSN={1745-1345},
month={December},}
TY - JOUR
TI - Impersonation Attack on Two-Gene-Relation Password Authentication Protocol (2GR)
T2 - IEICE TRANSACTIONS on Communications
SP - 3425
EP - 3427
AU - Chun-Li LIN
AU - Ching-Po HUNG
PY - 2006
DO - 10.1093/ietcom/e89-b.12.3425
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E89-B
IS - 12
JA - IEICE TRANSACTIONS on Communications
Y1 - December 2006
ER -