Further improvement on the modified authenticated key agreement scheme

https://doi.org/10.1016/j.amc.2003.08.057

Abstract

In 2003, Hsu et al. showed that the Ku–Wang modified authenticated key agreement scheme is vulnerable to the modification attack and proposed an improvement of the Ku–Wang scheme. However, we find that the Hsu et al. scheme still suffers from the same modification attack. This paper first shows the security flaw in the Hsu et al. scheme and then proposes an improved scheme that repairs it.

Introduction

In 1976, Diffie and Hellman [1] first proposed an asymmetric key agreement scheme to solve the key distribution problem in an open network. However, the Diffie–Hellman scheme is obviously vulnerable to the man-in-the-middle attack, because the communicating parties have no way to authenticate each other. In order to defeat this attack, Seo and Sweeney [2], in 1999, proposed an authenticated key agreement scheme, called SAKA, which uses a pre-shared password to provide user authentication. However, in 2000, Tseng [3] showed that SAKA cannot resist the replay attack, in which an attacker can cheat the honest party into believing a wrong session key. Tseng also proposed an improved scheme to prevent the replay attack.

In 2000, Ku and Wang [4] pointed out that the Tseng scheme suffers from two kinds of attacks: the backward replay attack without modification and the modification attack. In the first attack, an attacker can masquerade as one communicating party and replay the exchanged messages to cheat the other one. In the second attack, an attacker can alter the exchanged messages to cheat one party into believing a wrong session key. Ku and Wang [4] also proposed a modified authenticated key agreement scheme to defeat these two attacks. Unfortunately, in 2003, Hsu et al. [5] showed that the Ku–Wang scheme is still vulnerable to the modification attack and gave an improvement to enhance the security of the Ku–Wang scheme. Moreover, the Hsu et al. scheme is more efficient than the previous schemes [2], [3], [4].

However, we find that the Hsu et al. scheme is still vulnerable to the modification attack: an attacker can cheat the participants into accepting a wrong session key by altering the exchanged messages. This paper first reviews the Hsu et al. scheme and then shows its security flaw in Section 2. Section 3 proposes an improved scheme and analyzes its security. Finally, conclusions are given in Section 4.

Section snippets

Review and analysis of the Hsu et al. scheme

In this section, we will briefly review the Hsu et al. scheme and then show the security flaw of the Hsu et al. scheme. Some notations used in the Hsu et al. scheme are defined as follows:

  • A, B: two communicating parties;

  • C: an attacker;

  • id_A, id_B: the identities of A and B;

  • n: a large prime number;

  • g: a generator of Z_n, i.e. an element of order n−1;

  • P: the common password shared between A and B;

  • Q: an integer computed from P;

  • Q^{-1}: the inverse of Q (mod n);

  • a: a random number chosen by A;

  • b: a random number chosen by B;

The proposed scheme

To resist the modification attack, we propose an improvement on the Hsu et al. scheme in this section. The key establishment phase in the proposed scheme is the same as the key establishment phase in the Hsu et al. scheme. The only difference between the proposed scheme and the Hsu et al. scheme is in the key validation phase.

Key validation phase

  • (v.1)

    A computes X_2 = H(id_A, X_1, K_1) and sends X_2 to B.

  • (v.2)

    B verifies that the equation X_2 = H(id_A, X_1, K_2) holds.

  • (v.3)

    If it holds, B computes Y_2 = H(id_B, Y_1, K_2) and
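The following Python program is an added illustration and is not part of the paper or of the Hsu et al. scheme's published description. It runs the key validation phase (v.1)–(v.3) above over a small constructed instance of the notation. Because the key establishment phase is not reproduced on this page, the program assumes the SAKA-style password-blinded Diffie–Hellman exchange (X_1 = g^{aQ}, Y_1 = g^{bQ}, K_1 = Y_1^{aQ^{-1}}, K_2 = X_1^{bQ^{-1}}, all mod n), with Q^{-1} taken modulo n−1, the order of g, so that the exponents cancel; it also assumes a SHA-256-based derivation of Q from P, a length-prefixed SHA-256 as H, and that B sends Y_2 to A, who verifies it symmetrically. The parameters n = 23 and g = 5, the password, and the identities are toy values constructed for the example. The run also shows, from the verifier's side, what binding X_1 into X_2 buys: if the X_1 that B received differs from the one A sent, the check in (v.2) fails instead of the two parties silently ending up with different keys.

```python
"""Key validation phase (v.1)-(v.3) of the improved scheme over a toy
password-blinded Diffie-Hellman exchange. Added example, not the paper's code."""
import hashlib
import secrets
from math import gcd

# Toy public parameters (constructed; far too small for real use).
N = 23   # the prime n
G = 5    # 5 generates Z_23^*, i.e. it has order n-1 = 22


def derive_q(password: bytes, n: int = N) -> int:
    """Q: an integer computed from P. Derivation assumed here: hash P and step
    to the first value coprime to n-1, so that Q has an inverse mod n-1."""
    h = int.from_bytes(hashlib.sha256(password).digest(), "big")
    q = 2 + h % (n - 3)            # start somewhere in [2, n-2]
    while gcd(q, n - 1) != 1:
        q += 1                      # n-2 is always coprime to n-1, so this stops
    return q


def H(*parts) -> bytes:
    """The hash H over an ordered list of inputs. Each input is length-prefixed
    so that (id_A, X_1, K_1) cannot be re-split into a different triple."""
    m = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        m.update(len(b).to_bytes(4, "big"))
        m.update(b)
    return m.digest()


def run_protocol(password: bytes, a: int, b: int, id_a: bytes = b"A",
                 id_b: bytes = b"B", x1_in_transit=None) -> dict:
    """Simulate one run between A (random exponent a) and B (random exponent b).
    If x1_in_transit is given, it is the value B actually receives instead of
    A's X_1, which models a message altered on the wire."""
    q = derive_q(password)
    q_inv = pow(q, -1, N - 1)       # Q^{-1} modulo the order of g (assumption)

    # Key establishment phase (assumed SAKA-style; unchanged from Hsu et al.).
    x1_sent = pow(G, a * q, N)                                  # A -> B
    x1_recv = x1_sent if x1_in_transit is None else x1_in_transit
    y1 = pow(G, b * q, N)                                       # B -> A
    k1 = pow(y1, a * q_inv, N)       # A's session key K_1 = g^{ab}
    k2 = pow(x1_recv, b * q_inv, N)  # B's session key K_2, from what B received

    # Key validation phase of the improved scheme.
    x2 = H(id_a, x1_sent, k1)                                   # (v.1) A -> B
    if x2 != H(id_a, x1_recv, k2):                              # (v.2) B's check
        return {"accepted": False, "failed_at": "v.2", "x1": x1_sent, "k1": k1, "k2": k2}
    y2 = H(id_b, y1, k2)                                        # (v.3) B -> A (assumed sent)
    if y2 != H(id_b, y1, k1):        # A's symmetric check (assumed; cut off on the page)
        return {"accepted": False, "failed_at": "v.4", "x1": x1_sent, "k1": k1, "k2": k2}
    return {"accepted": True, "failed_at": None, "x1": x1_sent, "k1": k1, "k2": k2}


if __name__ == "__main__":
    pw = b"correct horse battery staple"            # constructed shared password P
    a, b = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    honest = run_protocol(pw, a, b)
    print("honest run:", honest)
    altered = run_protocol(pw, a, b, x1_in_transit=(honest["x1"] * G) % N)
    print("X_1 altered in transit:", altered)
```

Run directly, the program prints an honest run, in which both parties accept and K_1 = K_2, followed by a run in which the copy of X_1 delivered to B was altered; the second run stops at (v.2) because B's recomputation of H(id_A, X_1, K_2) is over the X_1 it actually received. The outcome is returned as a dictionary rather than only printed so that the behaviour can be checked programmatically.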

Conclusions

We have shown that the Hsu et al. scheme is still vulnerable to the modification attack. An attacker can alter the transmitted messages to cheat the communicating parties into believing a wrong session key. This paper further proposes an improvement to repair the security flaw. The improved scheme is as efficient as the Hsu et al. scheme.

Acknowledgements

This research was partially supported by the National Science Council of Republic of China under the contract no. NSC92-2213-E-218-019.
