Cryptanalysis of a Password-based Group Key Exchange Protocol Using Secret Sharing

نویسنده

  • Ruxandra F. Olimid
چکیده

Yuan et al. recently introduced a password-based group key transfer protocol that uses secret sharing, which they claim to be efficient and secure [9]. We remark its resemblance to the construction of Harn and Lin [1], which Nam et al. proved vulnerable to a replay attack [3]. It is straightforward that the same attack can be mount against Yuan et al.’s protocol, proving that the authors’ claim is false. In the same paper, Nam et al. propose a countermeasure that may also apply to Yuan et al.’s protocol. However, we show that their protocol remains susceptible to an insider attack (even if it stands against the replay attack): any malicious participant can recover the long-term secret password of any other user and therefore becomes able to compute group keys he is unauthorized to know.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

An Efficient Password-based Group Key Exchange Protocol Using Secret Sharing

In this paper, a novel and efficent password based group key exchange protocol with secret sharing is proposed. Secret sharing technology is usually used to control the privileges of the authorized users to improve the robustness of the system in past years. The results are applied into designing the key exchange protocol directly, which clarify the proposed scheme. The security analysis shows ...

متن کامل

Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy

This paper considers security analysis of a cross-realm client-to-client password-authenticated key exchange (C2C-PAKE) protocol with indirect communication structure that was proposed for secure email. The protocol does not need any public key infrastructure (PKI) and was designed to enable senders and recipients of emails to register at different mail servers. However, mail servers require sh...

متن کامل

Universally Composable Two-Server PAKE

Two-Server Password Authenticated Key Exchange (2PAKE) protocols apply secret sharing techniques to achieve protection against server-compromise attacks. 2PAKE protocols eliminate the need for password hashing and remain secure as long as one of the servers remains honest. This concept has also been explored in connection with two-server password authenticated secret sharing (2PASS) protocols f...

متن کامل

Cryptanalysis of a Three-party Password-based Authenticated Key Exchange Protocol

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Recently, Lo et al. proposed a three-party password-based authenticated key exchange (3PAK...

متن کامل

An Approach for SMS Security using Authentication Functions

Asymmetric algorithm like Diffie-Hellman can be used to encrypt the SMS message in M-commerce or mobile banking system. Password key exchange protocol based on Diffie-Hellman key exchange algorithm allows users to exchange a secret key that can be used in message encryption. The security of this protocol can be increased by using the MAC (message authentication code) or hash function with the e...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2013