Cryptanalysis of the Secure Sessions from Weak Secrets Protocols
نویسنده
چکیده
The Short Secret Sharing Protocols (S3P), proposed by Roe et al in 1998 [13] and revised in 2003 [14], is a family of protocols that bootstrap secure session keys from weak secrets such as passwords. In this letter, we describe an attack against the RSA variants of the S3P protocols. The attacker can successfully masquerade as one of the participants, establish a new session, and gain knowledge of the session key. We present possible modifications to the protocol to prevent such an attack.
منابع مشابه
Secure Sessions from Weak Secrets
Sometimes two parties who share a weak secret k such as a password wish to share a strong secret s such as a session key without revealing information about k to an active attacker. We assume that both parties can generate strong random numbers and forget secrets, and present three protocols for secure strong secret sharing, based on RSA, Diffie-Hellman, and El-Gamal. As well as being simpler a...
متن کاملAdaptive Weak Secrets for Authenticated Key Exchange*
This paper describes biometric-based cryptographic techniques that use weak secrets to provide strong, multi-factor and mutual authentication, and establish secure channels for subsequent communications. These techniques rely on lightweight cryptographic algorithms for confidential information exchange. Lightweight algorithms are suitable for use in resource constrained environments such as the...
متن کاملGame-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags
The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and ...
متن کاملProcess algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...
متن کاملModeling Leakage of Ephemeral Secrets in Tripartite/Group Key Exchange
Recent advances in the design and analysis of secure two-party key exchange (2KE) such as the leakage of ephemeral secrets used during the attacked sessions remained unnoticed by the current models for group key exchange (GKE). Focusing on a special case of GKE — the tripartite key exchange (3KE) — that allows for efficient one-round protocols, we demonstrate how to incorporate these advances t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 2 شماره
صفحات -
تاریخ انتشار 2006