In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offl...In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw.展开更多
To tackle with the security lack in the password-authenticated key exchange protocol, this paper proposes a two-party password-authenticated key exchange protocol based on a verifier. In the proposed protocol, a user ...To tackle with the security lack in the password-authenticated key exchange protocol, this paper proposes a two-party password-authenticated key exchange protocol based on a verifier. In the proposed protocol, a user stores his password in plaintext, and the server stores a verifier for the user’s password, using DL difficult problem and DH difficult problem, through the session between user and server to establish a session key. The security discussion result shows that the proposed protocol provides forward secrecy, and can effectively defend against server compromising fake attacks, dictionary attacks and middleman attacks. Protocol efficiency comparisons reveal our protocol is more reasonable.展开更多
Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on pas...Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.展开更多
基金Supported by the Natural Science Foundation of Jiangsu Province (Key Program) (BK2011023)
文摘In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw.
文摘To tackle with the security lack in the password-authenticated key exchange protocol, this paper proposes a two-party password-authenticated key exchange protocol based on a verifier. In the proposed protocol, a user stores his password in plaintext, and the server stores a verifier for the user’s password, using DL difficult problem and DH difficult problem, through the session between user and server to establish a session key. The security discussion result shows that the proposed protocol provides forward secrecy, and can effectively defend against server compromising fake attacks, dictionary attacks and middleman attacks. Protocol efficiency comparisons reveal our protocol is more reasonable.
基金the National Science Council (Nos. NSC 99-2218-E-011-014 and NSC 100-2219-E-011-002)
文摘Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.
