Abstract
A number of password-authenticated key agreement protocols have recently been proposed for the two-party and three-party settings. In this paper, we show that three recently proposed password-authenticated key agreement protocols [11,12,10] are insecure against several active attacks, including a stolen-verifier attack, an off-line password guessing attack and impersonation attacks.
This work was supported by the Korea Research Foundation Grant funded by the Korean Government (MOEHRD) (KRF-2005-217-C00002).
References
[1] Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proc. of the 1992 IEEE Computer Society Conference on Research in Security and Privacy, pp. 72–84 (1992)
[2] Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: Password-based protocols secure against dictionary attacks and password file compromise. Technical report, AT&T Bell Laboratories (1994)
[3] Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
[4] Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
[5] Byun, J., Jeong, I., Lee, D., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)
[6] Chen, L.: A weakness of the password-authenticated key exchange between clients with different passwords scheme. The document was being circulated for consideration at the 27th SC27/WG2 meeting in Paris, France, 2003-10-20/24 (2003)
[7] Ding, Y., Horster, P.: Undetectable on-line password guessing attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
[8] Jablon, D.: Extended password methods immune to dictionary attack. In: Proc. of the WETICE 1997 Enterprise Security Workshop, Cambridge, MA (June 1997)
[9] Jablon, D.: Strong password-only authenticated key exchange. Computer Communication Review 26(5), 5–26 (1996)
[10] Kim, J., Kim, S., Kwak, J., Won, D.: Cryptanalysis and improvement of password-authenticated key exchange between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 895–902. Springer, Heidelberg (2004)
[11] Lee, S.-W., Kim, W.-H., Kim, H.-S., Yoo, K.-Y.: Efficient password-based authenticated key agreement protocol. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3046, pp. 617–626. Springer, Heidelberg (2004)
[12] Lee, S.-W., Kim, H.-S., Yoo, K.-Y.: Efficient verifier-based key agreement protocol for three parties without server’s public key. Applied Mathematics and Computation (in press)
[13] Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party encrypted key exchange: attacks and a solution. ACM Operating Systems Review 34(4), 12–20 (2000)
[14] MacKenzie, P., Swaminathan, R.: Secure Network Authentication with Password Identification. Submission to IEEE P1363a (1999)
[15] Steiner, M., Tsudik, G., Waidner, M.: Refinement and extension of encrypted key exchange. ACM Operating Systems Review 29(3) (July 1995)
[16] Wu, T.: The secure remote password protocol. In: Internet Society Symposium on Network and Distributed System Security, pp. 97–111 (1998)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shim, KA., Seo, SH. (2005). Security Analysis of Password-Authenticated Key Agreement Protocols. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds) Cryptology and Network Security. CANS 2005. Lecture Notes in Computer Science, vol 3810. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599371_5
DOI: https://doi.org/10.1007/11599371_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30849-2
Online ISBN: 978-3-540-32298-6
eBook Packages: Computer Science (R0)