An improvement of the password-based authentication protocol (KIP) on security against replay attacks

Taekyoung Kwon, Myeongho Kang, Sangjoon Jung, Jooseok Song

Research output: Contribution to journalArticlepeer-review

48 Citations (Scopus)


Authentication protocols are necessary for the receiver of a message to ascertain its origin in a distributed environment. Since they exchange cryptographic messages at the beginning of communication, their security is an essential requirement. However, most of the protocols have suffered from several kinds of attacks. A replay attack is one kind of those attacks. Attackers could launch it easily by replaying an eavesdropped message. Moreover, there are many types of replay attacks while most of the formal methods are not capable of detecting them. [3] classified various kinds of replay attacks and proposed a taxonomy. Therefore, it is necessary to verify authentication protocols deliberately with such a taxonomy for a basis. In this paper, at first, we give a clear definition and several remarks on replay attacks. Secondly we review the taxonomy of replay attacks presented in [3], and comment on its minor mistake. Finally we examine on the basis of the taxonomy the password-based authentication protocol, KIP, which was proposed in our earlier papers [1],[2] for protecting weak secrets efficiently. As a result of the examination, we have found that three way mutual KIP shown in [2] was vulnerable to one of replay attacks. Therefore, we improve three way KIP on security against the replay attack. Improved three way KIP is secure against replay attacks as well as guessing attacks and therefore it may be useful for security services of various communication networks.

Original languageEnglish
Pages (from-to)991-997
Number of pages7
JournalIEICE Transactions on Communications
Issue number7
Publication statusPublished - 1999

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'An improvement of the password-based authentication protocol (KIP) on security against replay attacks'. Together they form a unique fingerprint.

Cite this