College of Computing, Engineering & Construction
Master of Science in Computer and Information Sciences (MS)
NACO controlled Corporate Body
University of North Florida. School of Computing
Dr. Swapnoneel Roy
Dr. Asai Asaithambi
Dr. Sandeep Reddivari
Dr. Anand Seetharam
Dr. Sherif Elfayoumy
Dr. Mark Tumeo
In this thesis, the author hypothesizes that the use of computationally intensive mathematical operations in password authentication protocols can lead to security vulnerabilities in those protocols. In order to test this hypothesis: 1. A generalized algorithm for cryptanalysis was formulated to perform a clogging attack (a formof denial of service) on protocols that use computationally intensive modular exponentiation to guarantee security. 2. This technique was then applied to cryptanalyze four recent password authentication protocols, to determine their susceptibility to the clogging attack. The protocols analyzed in this thesis differ in their usage of factors (smart cards, memory drives, etc.) or their method of communication (encryption, nonces, timestamps, etc.). Their similarity lies in their use of computationally intensivemodular exponentiation as amediumof authentication. It is concluded that the strengths of all the protocols studied in this thesis can be combined tomake each of the protocols secure from the clogging attack. The conclusion is supported by designing countermeasures for each protocol against the clogging attack.
Garrett, Keith, "Vulnerabililty Analysis of Multi-Factor Authentication Protocols" (2016). UNF Graduate Theses and Dissertations. 715.