Off-Line Dictionary Attack on Password-Based Authenticated Key Exchange Protocols

Off-Line Dictionary Attack on Password-Based Authenticated Key Exchange Protocols

导出

摘要 In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw. In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw.

作者 XU Chungen YANG Yanjiong

机构地区 Department of Applied Mathematics Zijin College

出处《Wuhan University Journal of Natural Sciences》 CAS 2012年第6期468-472,共5页 武汉大学学报（自然科学英文版）

基金 Supported by the Natural Science Foundation of Jiangsu Province (Key Program) (BK2011023)

关键词 key exchange PASSWORD OFF-LINE dictionary attack provable security key exchange password off-line dictionary attack provable security

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献18

1Bellovin S, Merritt M. Encrypted key exchange: Passwords based protocols secure against dictionary attacks [C]//Proceedings of the IEEE Symposium on Security and Privacy. Washington D C: IEEE Press, 1992: 72-84.
2DENG Shaofeng LI Yifa DENG Yiqun.An Efficient Two-Party Key Exchange Protocol with Strong Security[J].Wuhan University Journal of Natural Sciences,2010,15(3):267-271. 被引量：2
3Wen H A, Lin C L, Hwang T. Provably secure authenticated key exchange protocols for low power computing clients [J]. Computers Security, 2006, 25(2): 106-113.
4Abdalla M, Pointcheval D. Interactive Diffie-Hellman assumptions with applications to password-based authentication [C]//Proc of Financial Cryptography and Data Security 2005(LNCS 3570). Berlin: Springer- Verlag, 2005: 341-356.
5Abdalla M, Fouque P A, Poimcheval D. Password-based authenticated key exchange in the three-party setting [C]//Proc of the PKC'05(LNCS 3386). Berlin: Springer-Verlag, 2005: 65-84.
6Bellare M, Pointcheval D, Rogaway P. Authenticated key exchange secure against dictionary attacks [C]//Advances in Cryptology-Eurocrypt. Berlin: Springer-Verlag, 2000: 139- 155.
7Bellare M, Rogaway P. Provably secure sessioa key distribution-the three party case [C]//Proc of27th ACMSymposium on Theory of Computing (STOC'95). New York: ACM Press, 1995: 57-66.
8Nam J, Lee Y, Kim Set al. Security weakness in a three- party pairing-based protocol for password authenticated key exchange [J]. Information Sciences, 2007, 177(6): 1364-1375.
9Lu R, Cao Z. Simple three-party key exchange protocol [J]. Computers and Security, 2007, 26(1 ): 94-97.
10Abdalla M, Pointcheval D. Simple password-based encrypted key exchange protocols [C]//Proceedings of the CT-RSA '05, (LNCS 3376). Berlin: Springer-Verlag, 2005: 191-208.

二级参考文献5

1王圣宝,曹珍富,董晓蕾.标准模型下可证安全的身份基认证密钥协商协议[J].计算机学报,2007,30(10):1842-1852. 被引量：42
2刘淳,刘建伟,张其善,李晖.一种无证书Ad hoc密钥管理与认证模型[J].西安电子科技大学学报,2007,34(6):974-979. 被引量：5
3田海博,Willy Susilo,明洋,王育民.A Provable Secure ID-Based Explicit Authenticated Key Agreement Protocol Without Random Oracles[J].Journal of Computer Science & Technology,2008,23(5):832-842. 被引量：4
4胡荣磊,刘建伟,张其善.基于簇的ad hoc网络密钥管理方案[J].通信学报,2008,29(10):223-228. 被引量：4
5唐文,南相浩,陈钟.基于椭圆曲线密码系统的组合公钥技术[J].计算机工程与应用,2003,39(21):1-3. 被引量：25

共引文献1

1Vivek Kumar Sinha,Divya Anand,Fahd S.Alharithi,Ahmed H.Almulihi.A Secure Three-Party Authenticated Key Exchange Protocol for Social Networks[J].Computers, Materials & Continua,2022(6):6293-6305.

1吴玺宏,罗定生.信息时代的身份认证[J].电子世界,2004(2):4-7. 被引量：3
2王小玲.内存技术所带来的变革[J].信息系统工程,2014,27(7):112-112.
3徐砚,王文胜.基于移动IP认证缺陷的DoS攻击及其防范[J].信息安全与通信保密,2008,30(2):76-78. 被引量：1
4Guo Tianrui and Du Yifei.On－line　and　Off－line　Data　Acquisition　System　with　Microcomputer　Tape　Recorder[J].IMP & HIRFL Annual Report,1994(0):48-49.
5LIU Jianwei,LIU Jianhua,QIU Xiufeng.A Proxy Blind Signature Scheme and an Off-Line Electronic Cash Scheme[J].Wuhan University Journal of Natural Sciences,2013,18(2):117-125. 被引量：4
6朱艺华,叶枫,胥琳.移动计算环境数据同步更新研究[J].计算机工程与应用,2001,37(14):113-114. 被引量：1
7UPS的分类[J].电源世界,2006(4):59-59.
8罗乃维,叶国晖.Simple Three-Party Password Authenticated Key Exchange Protocol[J].Journal of Shanghai Jiaotong university(Science),2011,16(5):600-603. 被引量：1
9Mark G.Karpovsky.SPECTRAL TECHNIQUES FOR OFF-LINE TESTING AND DIAGNOSIS OF COMPUTER SYSTEMS[J].Analysis in Theory and Applications,1998,14(3):55-72.
10朱旭松,黄琼,赵一鸣,常江.身份认证协议的新安全属性[J].计算机应用与软件,2008,25(5):7-9.

Wuhan University Journal of Natural Sciences

2012年第6期

浏览历史

内容加载中请稍等...

Off-Line Dictionary Attack on Password-Based Authenticated Key Exchange Protocols

参考文献18

二级参考文献5

共引文献1

相关作者

相关机构

相关主题

浏览历史