Abstract
Recently, there have been proposed a number of password-authenticated key agreement protocols for two-party setting or three-party setting. In this paper, we show that recently proposed three password-authenticated key agreement protocols in [11,12,10] are insecure against several active attacks including a stolen-verifier attack, an off-line password guessing attack and impersonation attacks.
This work was supported by the Korea Research Foundation Grant funded by the Korean Government(MOEHRD).(KRF-2005-217-C00002).
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proc. of the 1992 IEEE Computer Society Conference on Research in security and Privacy, pp. 72–84 (1992)
Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: Password-based protocols secure against dictionary attacks and password file compromise, Technical report, AT&T Bell Laboratories (1994)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Byun, J., Jeong, I., Lee, D., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)
Chen, L.: A weakness of the password-authenticated key exchange between clients with different passwords scheme, The documnet was being circulated for consideration at the 27th SC27/WG2 meeting in Paris, France, 2003-10-20/24 (2003)
Ding, Y., Horster, P.: Undetectable on-line password guessing attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Jablon, D.: Extended password methods immune to dictionary attack. In: Proc. of the WETICE 1997 Enterprise Security Workshop, Cambridge, MA (June 1997)
Jablon, D.: Strong password-only authenticated key exchange. Computer Communication Review 26(5), 5–26 (1996)
Kim, J., Kim, S., Kwak, J., Won, D.: Cryptanalysis and improvment of password-authenticated key exchange between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 895–902. Springer, Heidelberg (2004)
Lee, S.-W., Kim, W.-H., Kim, H.-S., Yoo, K.-Y.: Efficient password-based authenticated key agreement protocol. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3046, pp. 617–626. Springer, Heidelberg (2004)
Lee, S.-W., Kim, H.-S., Yoo, K.-Y.: Efficient verifier-based key agreement protocol for three parties without server’s public key. Applied Mathematics and Computation (in press)
Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party encrypted key exchange: attacks and a solution. ACM Operating Systems Review 34(4), 12–20 (2000)
MacKenzie, P., Swaminathan, R.: Secure Network Authentication with Password Identification, Submission to IEEE P1363a (1999)
Steiner, M., Tsudik, G., Waidner, M.: Refinement and extension of encrypted key exchange. ACM Operating System review 29(3) (July 1995)
Wu, T.: The secure remote password protocol. In: Internet Society Symposium on Network and Distribute System Security, pp. 97–111 (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shim, KA., Seo, SH. (2005). Security Analysis of Password-Authenticated Key Agreement Protocols. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds) Cryptology and Network Security. CANS 2005. Lecture Notes in Computer Science, vol 3810. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599371_5
Download citation
DOI: https://doi.org/10.1007/11599371_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30849-2
Online ISBN: 978-3-540-32298-6
eBook Packages: Computer ScienceComputer Science (R0)