Fanbao Liu scite author profile

Fanbao Liu

5Publications

10Citation Statements Received

82Citation Statements Given

How they've been cited

How they cite others

Affiliations

National University of Defense Technology, Beijing University of Technology

Publications

Order By: Most citations

Fast password recovery attack: application to APOP

Liu

Xie

et al. 2012

J Intell Manuf

View full text Add to dashboard Cite

Abstract. In this paper, we propose a fast password recovery attack to APOP application in local which can recover a password with 11 characters in less than one minute, recover a password with 31 characters extremely fast, about 4 minutes, and for 43 characters in practical time. These attacks truly simulate the practical password recovery attacks launched by malware in real life, and further confirm that the security of APOP is totally broken. To achieve these dramatical improvements, we propose a group satisfaction scheme, apply the divide-and-conquer strategy and a new suitable MD5 collision attack to greatly reduce the computational complexity in collision searching with high number of chosen bits. The average time of generating an "IV Bridge" is optimized to 0.17 second on ordinary PC, the average time of generating collision pairs for recovering passwords up to 11 characters is about 0.08 second, for 31 characters is about 0.15 second, for 39 characters is about 4.13 seconds, for 43 characters is about 20 seconds, and collisions for recovering passwords as long as 67 characters can be theoretically generated. These techniques can be further applied to reduce the complexity of producing a 1-bit-free collisions for recovering the first 11 characters, whose main target is that to reduce the number of challenges generated in APOP attack, to about 2 36 MD5 compressions.

show abstract

On the Security of Digest Access Authentication

Liu

2011

View full text Add to dashboard Cite

Electronic Voting: A Review and Taxonomy

Feng

Tian

Liu

et al. 2012

View full text Add to dashboard Cite

On the security of PPPoE network

Liu

Xie

Feng

et al. 2012

Security Comm Networks

View full text Add to dashboard Cite

Point‐to‐Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It is widely used by commercial Internet service providers to provide Internet surfing for customers who pay bills. In this paper, we analyze the security of PPPoE network. We find that we can easily collect information about both the peers and the PPPoE authentication servers. We can use such information to recover the peer's authentication password by silently impersonating the server, which is undetectable in the network. We impersonate the server in the peers' LAN and get their passwords by hijacking the peers' PPPoE connections and negotiating for using the Password Authentication Protocol (PAP). We further propose an efficient password recovery attack against the Challenge‐Handshake Authentication Protocol (CHAP). We first recover the length of the used password through on‐line queries, based on the weakness of MD5 input pre‐processing. Then, we crack the known‐length password off‐line, using the probabilistic context‐free grammars. We point out that PPPoE cannot be used anymore until all of the weak authentication protocols including PAP, CHAP, and Microsoft CHAP are abolished right now and replaced with more secure Extensible Authentication Protocols. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

A General Way to Break Hash-based Challenge-and-Response

Liu

Chen

Dong³

2012

View full text Add to dashboard Cite

Hash-based challenge-and-response protocols are widely used as an authentication scheme in network applications. The authenticator sends a random string as a challenge to the peer, the peer generates a response with a hash function on a pre-shared password combined the received challenge. In this paper, we propose a general and efficient way to break some prevalent hash-based challengeand-response protocols in use. These protocols are vulnerable to the chosen challenge attack launched by a malicious user, who impersonates the server. We first generate a rainbow table containing hash values of all possible passwords, which is produced by hashing a pre-chosen challenge concatenated with all possible password candidates. Second, we impersonate the authenticator and send the pre-chosen challenge to the peer. Finally, we look up in the rainbow table for the received response from the peer to crack the password. With this tactic, we can do the cost consuming pre-computation once, and then we can always use it to recover all of the peer's passwords with only one additional on-line query.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Fanbao Liu

Fast password recovery attack: application to APOP

On the Security of Digest Access Authentication

Electronic Voting: A Review and Taxonomy

On the security of PPPoE network

A General Way to Break Hash-based Challenge-and-Response

Contact Info

Product

Resources

About