The Influence On Security Of Challenge-response Authentication By Collision Hash

This paper describes the concepts of Entity Authentication and its classification and the techniques used in it, especially challenge-response authentication, and the properties of hash function. Then we analyze the influence on the security of challenge-response authentication by collision of hash from two aspects.First, from the communication procedure of challenge-response authentication, we proposed several attacks on the protocol using collision: direct storage attack, identity forgery attack and a "replay" attack. As long as there is an effective search algorithm that can search the unknown key collision of MAC, one can use our proposed attacks against the protocol.Second, from the research of MAC, we summarized the key recovery attack on iterated MAC by using collision of hash. Through the analysis of algorithm complexity on a variety of attacks, we concluded that the complexity of the key recovery attack algorithm depends on the complexity of the collision search algorithm, no matter what kind of key recovery method was applied.From the above two areas of discussion, we concluded that collision of hash will threat the security of challenge-response authentication.