Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols

被引：10

作者：

Nam, Junghyun ^{[1
]}

Choo, Kim-Kwang Raymond ^{[2
]}

Kim, Moonseong ^{[3
]}

Paik, Juryon ^{[4
]}

Won, Dongho ^{[4
]}

机构：

[1] Konkuk Univ, Dept Comp Engn, Seoul, South Korea

[2] Univ S Australia, Adv Comp Res Ctr, Informat Assurance Res Grp, Adelaide, SA 5001, Australia

[3] Korean Intellectual Property Off, Informat & Commun Examinat Bur, Taejon, South Korea

[4] Sungkyunkwan Univ, Dept Comp Engn, Seoul, South Korea

来源：

KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS | 2013年 / 7卷 / 12期

基金：

新加坡国家研究基金会;

关键词：

Password-based authenticated key exchange (PAKE); three-party key exchange; password security; offline dictionary attack; undetectable online dictionary attack; SECURITY; CRYPTANALYSIS; PROOFS;

D O I：

10.3837/tiis.2013.12.016

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.'s (2008) protocol, Huang's (2009) protocol, and Lee and Hwang's (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.'s protocol also applies to other similar protocols including Lee and Hwang's protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks

引用

页码：3244 / 3260

页数：17

共 50 条

[31] Robust biometric-based three-party authenticated key establishment protocols
Yoon, Eun-Jun
Yoo, Kee-Young
INTERNATIONAL JOURNAL OF COMPUTER MATHEMATICS, 2011, 88 (06) : 1144 - 1157
[32] Post-quantum verifier-based three-party password authenticated key exchange protocol
Lian H.
Hou H.
Zhao Y.
Tongxin Xuebao/Journal on Communications, 2022, 43 (04): : 95 - 106
[33] Weaknesses of a Verifier-based Password-authenticated Key Exchange Protocol in the Three-party Setting
Pu, Qiong
Liu, Wei
2009 INTERNATIONAL CONFERENCE ON RESEARCH CHALLENGES IN COMPUTER SCIENCE, ICRCCS 2009, 2009, : 3 - 6
[34] A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks
Farash, Mohammad Sabzinejad
Islam, S. K. Hafizul
Obaidat, Mohammad S.
CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2015, 27 (17) : 4897 - 4913
[35] An efficient three-party password-based key agreement protocol using extended chaotic maps
Shu Jian
CHINESE PHYSICS B, 2015, 24 (06)
[36] Universally Composable Three Party Password-based Key Exchange Protocol
Deng Miaolei
Ma Jianfeng
Le Fulong
CHINA COMMUNICATIONS, 2009, 6 (03) : 150 - 155
[37] Universally Composable Three Party Password-based Key Exchange Protocol
Deng Miaolei 1
中国通信, 2009, 6 (03) : 150 - 155
[38] Threshold password-based authenticated key exchange using matrix
Park, Chanil
Lee, Soojin
Yoon, Hyunsoo
3RD INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATIONS AND CONTROL TECHNOLOGIES, VOL 3, PROCEEDINGS, 2005, : 39 - 43
[39] An Enhanced and Secure Three-party Password-based Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems
Farash, Mohammad Sabzinejad
Attari, Mahmoud Ahmadian
INFORMATION TECHNOLOGY AND CONTROL, 2014, 43 (02): : 143 - 150
[40] Round-Optimal Password-Based Authenticated Key Exchange
Katz, Jonathan
Vaikuntanathan, Vinod
JOURNAL OF CRYPTOLOGY, 2013, 26 (04) : 714 - 743

← 1 2 3 4 5 →