Weaknesses of a password-authenticated key exchange protocol between clients with different passwords

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3089, Issue , 2004, Pages 414-425

  Wang, Shuhong ^a   Wang, Jie ^a   Xu, Maozhi ^a  

^a PEKING UNIVERSITY   (China)

Author keywords

Cross realm setting; Dictionary attacks; Password authenticated key exchange; Security

Indexed keywords

CRYPTOGRAPHY; NETWORK SECURITY;

CROSS-REALM; DICTIONARY ATTACK; MUTUAL AUTHENTICATION; PASSWORD AUTHENTICATED KEY EXCHANGE PROTOCOLS; PASSWORD-AUTHENTICATED KEY EXCHANGE; SECURITY; SESSION KEY;

AUTHENTICATION;

EID: 35048872322     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-24852-1_30     Document Type: Article

References (31)

1. R. Anderson and S. Vaudenay, Minding Your p's and q's, in Advaces in Cryptology ASIACRYPT'96, LNCS 963, pages 236-247, Springer-Verlag, 1995.
2. F. Bao, Security Analysis of a Password Authenticated Key Exchange Protocol, in Proceedings of ISC'03, LNCS 2851, pages 208-217, Springer-Verlag, 2003.
3. M. Bellare and P. Rogaway, Entity Authentication and Key Distribution, in Advances in cryptology - Crypto'93, pages 232-249, Springer-Verlag, 1993.
4. S. Bellovin and M. Merritt, Encrypted Key Exchange: Password-based Protocols Secure Against Dictionary Attacks, in Proceedings of IEEE Security and Privacy, pages 72-84, 1992.
5. S. Bellovin and M. Merritt, Augumented Encrypted Key Exchange: A Password-based Protocol Secure Against Dictionary Attacks and Password File Compromise. ACM Secrity '93, pages 244-250.
6. V. Boyko, P. MacKenzie, and S. Patel, Provably-secure Password Anthentiation and Key Exchange Using Diffie-Hellman. in Advances in cryptology - EUROCRYPT 2000, LNCS 1807, pages 156-171, Springer-Verlag, 2000.
7. J. W. Byun, I. R. Jeong, D. H. Lee, and C-S. Park, Password-Authenticated Key Exchange Between Clients with Different Passwords, in Proceedings of Information and Communications Security - ICICS 2002, LNCS 2513, pages 134-146, Springer-Verlag, 2002.
8. G. D. Crescenzo, and O. Kornievskaia, Efficient Kerberized multicast in Practical distributed setting, in Proceedings of ISCOl, LNCS 2000, pages 27-45, Springer-Verlag, 2001.
9. W. Diffie, P. Van Oorschot and M. Wiener, Authentication and Authenticated Key Exchange, Designs, Codes and Cryptography, 2, 1992, pages 107-125.
10. L. Gong, Optimal Authentication Protocols Resistant to Password Guessing Attacks, in 8th IEEE Computer Security Foundations Workshop, pages 24-29, 1995.
11. L. Gong, M. Lomas, R. Needham, and J. Saltzer, Protecting Poorly Chosen Secrets from Guessing Attacks, IEEE Journal on Selected Areas in Communications, 11(5), pages 648-656, 1993.
12. Y. H. Hwang, D. H. Yum, and P. J. Lee, EPA: An Efficient Password-Based Protocol for Authenticated Key Exchange, in Proceedings of ACISP SOUS, LNCS 2727, Springer-Verlag Berlin Heidelberg 2003, pages 452-463, 2003
13. D. Jablon, Strong Password-Only Authenticated Key Exchange, ACM Computer Communications Review, vol.26, no.5, pp. 5-20, October 1996.
14. B. Jaspan, Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks, in Proceedings of the 6th Annual USENIX Security Conference, pages 43-50, July, 1996.
15. T. Kwon, Authentication and Key Agreement via Memorable Password, in Proceedings of the ISOC Symposium - NDSS'01, 2001.
16. T. Kwon, M. Kang, S. Jung, and J. Song, An Improvment of the Password-Based Authentication Protocol (KlP) on Security against Replay Attacks, IEICE Irans. Commun., E82-B(7), pages 991-997, 1999.
17. T. Kwon, M. Kang, and J. Song, An Adaptable and Reliable Authentication Protocol for Communication Networks, in Proceedings of IEEE INFOCOM'97, pages 737-744, 1997.
18. C. H. Lim and P. J. Lee, Several Practical Protocols for Authentication to Thresh-old Cryptosystems, Information Processing Letters, 53, 1995, pages 91-96.
19. C.-L. Lin, Hung-Min Sun and T. Hwang. Three-party Encrypted Key Exchange: Attacks and A Solution. ACM Operating Systems Review, 34(4):12-20, 2000.
20. C.-L. Lin, H.-M. Sun and T. Hwang. Three-party Encrypted Key Exchange Without Server Public-Keys. IEEE Communications Letters, 5(12):497-499, December 2001.
21. S. Lucks, Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys, in Proceedings of Security Protocols Workshop, LNCS 1361, pages 79-90, Springer-Verlag, 1997.
22. P. MacKenzie, S. Patel, and R. Swaminathan, Password-Authenticated Key Exchange Based on RSA, in Proceedings of AsiaCrypt 2000, LNCS 1976, pages 599-613, Springer-Verlag, 2000.
23. P. MacKenzie, The PAK suite: Protocols for Password-Authenticated Key Exchange, Submission to IEEE P1363.2, April 2002.
24. P. MacKenzie, More Efficient Password-Authenticated Key Exchange, Progress in Cryptology - CT-RSA 2001, pages 361-377, 2001.
25. n in Advances in cryptology-ASIACRYPT'98, LNCS 1514, Spinger-Verlag, 1998, pp.214-226.
26. S. Patel, Number Theoretic Attacks on Secure Password Schemes, in in Proceedings of IEEE Symposium on Research in Security and Privacy, pages 236-247, 1997.
27. J. G. Steiner, B. C. Newman, and J. I. Schiller, Kerberos: An Authentication Service for Open Network Systems, in USENIX Conference Proceedings, pages 191-202, February, 1988.
28. M. Steiner, G. Tsudik and M. Waidner. Refinement and Extension of Encrypted Key Exchange. ACM SIGOPS Operating Systems Review, 29(3), pages 22-30, 1995.
29. Z. Wan, and S. Wang, Cryptanalysis of Two Password-Authenticated Key Exchange Protocols, in Proceedings of ACISP 2004, LNCS, Springer-Verlage (to appear), 2004.
30. T. Wu, Secure Remote Password Protocol, in ISOC Network and Distributed System Security Symposium, 1998.
31. F. Zhu, D. S. Wong, A. H. Chan, and R. Ye, Password authenticated key exchange based on RSA for imbalanced wireless networks, in Proceedings of ISC 2002, LNCS 2433, pp. 150-161, Springer-Verlag, 2002.