A weakness in Sun-Chen-Hwang's three-party key agreement protocols using passwords
نویسندگان
چکیده
Recently, Sun, Chen and Hwang [J. Syst. Software, 75 (2005), 63–68] have proposed two new three-party protocols, one for password-based authenticated key agreement and one for verifier-based authenticated key agreement. In this paper, we show that both of Sun-Chen-Hwang’s protocols are insecure against an active adversary who can intercept messages, start multiple sessions of a protocol, or otherwise control the communication in the network. Also, we present a simple solution to the security problem with the protocols.
منابع مشابه
Attack on the Sun-Chen-Hwang's Three-Party Key Agreement Protocols Using Passwords
The possibility of secure password-authenticated key exchange was recognized in the work of Bellovin and Merritt [1], which shows how to bootstrap a high-entropy cryptographic key from a weak, low-entropy password. Due in large part to the practical significance of password-based authentication, this initial work has been extended to a number of settings, including a three-party model where an ...
متن کاملCryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords
We consider the problem of password-authenticated group Diffie-Hellman key exchange among N parties, N−1 clients and a singleserver, using different passwords. Most password-authenticated key exchange schemes in the literature have focused on an authenticated key exchange using a shared password between a client and a server. With a rapid change in modern communication environment such as ad-ho...
متن کاملAn Offline Dictionary Attack against a Three-Party Key Exchange Protocol
Despite all the research efforts made so far, the design of protocols for password-authenticated key exchange (PAKE) still remains a non-trivial task. One of the major challenges in designing such protocols is to protect low-entropy passwords from the notorious dictionary attacks. In this work, we revisit Abdalla and Pointcheval’s three-party PAKE protocol presented in Financial Cryptography 20...
متن کاملOn the Security of a Chaotic Maps-based Three-party Authenticated Key Agreement Protocol
Chaotic map has been receiving increasing attention in the cryptographic literature. There are various scholars working on a particular type of authenticated key exchange protocol using chaotic map in the recent years. Very recently, Li et al. proposed a new three-party-authenticated key agreement protocol based on chaotic maps without storing a password table in a server. Compared with previou...
متن کاملPassword-Authenticated Multi-Party Key Exchange with Different Passwords
Password-authenticated key exchange (PAKE) allows two or multiple parties to share a session key using a human-memorable password only. PAKE has been applied in various environments, especially in the “clientserver” model of remotely accessed systems. Designing a secure PAKE scheme has been a challenging task because of the low entropy of password space and newly recognized attacks in the emerg...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2004 شماره
صفحات -
تاریخ انتشار 2004