Institutional Repository Analysis of two pairing - based three - party password
نویسندگان
چکیده
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party passwordbased authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof of Wen et al. and described how to fix the problem so that their attack no longer works. In this paper, we show that both Wen et al. and Nam et al. variants fall to key compromise impersonation by any adversary. Our results underline the fact that although the provable security approach is necessary to designing PAKEs, gaps still exist between what can be proven and what are really secure in practice. Keywords-Password-authenticated key exchange; cryptanalysis; attacks; provable security; three-party; key compromise impersonation; Weil pairing
منابع مشابه
Analysis of Two Pairing - based Three - party Password
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party passwordbased authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof ...
متن کاملAn Improvement on a Three-party Password-based Key Exchange Protocol Using Weil Pairing
The three-party password-based key exchange protocols using Weil pairing proposed by Wen is vulnerable to impersonation attack. By introducing hard artificial intelligence problem, we show an improved protocol, which can resist against not only the impersonation attack but also all the other well-known attacks. Analysis also shows that improved protocol reduces about one third computational cos...
متن کاملAnalysis of Two Pairing - based Three -
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party passwordbased authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof ...
متن کاملSecurity Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing
Recently, Wen, Lee, and Hwang proposed a three-party password-authenticated key exchange protocol making use of the Weil pairing. The protocol was claimed to be provably secure. But despite the claim of provable security, the protocol is in fact insecure in the presence of an active adversary. We demonstrate this by presenting an attack that completely compromises the authentication mechanism o...
متن کاملPairing-Based Two-Party Authenticated Key Agreement Protocol
To achieve secure data communications, two parties should be authenticated by each other and agree on a secret session key by exchanging messages over an insecure channel. In this paper, based on the bilinear pairing, we present a new two-party authenticated key agreement protocol, and use the techniques from provable security to examine the security of our protocol within Bellare-Rogaway model.
متن کامل