
On password-based authenticated key exchange using collisionful hash functions

  • Session 9: Hashing
  • Conference paper
Information Security and Privacy (ACISP 1996)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1172)

Abstract

This paper presents an attack on Anderson and Lomas's proposed password-based authenticated key exchange protocol that uses collisionful hash functions. The weaknesses of the protocol when an old session key is compromised are studied and alternative solutions are given.




Editor information

Josef Pieprzyk, Jennifer Seberry


Copyright information

© 1996 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bakhtiari, S., Safavi-Naini, R., Pieprzyk, J. (1996). On password-based authenticated key exchange using collisionful hash functions. In: Pieprzyk, J., Seberry, J. (eds) Information Security and Privacy. ACISP 1996. Lecture Notes in Computer Science, vol 1172. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0023308


  • DOI: https://doi.org/10.1007/BFb0023308


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-61991-8

  • Online ISBN: 978-3-540-49583-3

  • eBook Packages: Springer Book Archive
