Cryptanalysis of a Provably Secure Gateway-Oriented Password-Based Authenticated Key Exchange Protocol
نویسنده
چکیده
Recently, Chien et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol, through which a client and a gateway could generate a session key for future communication with the help of an authentication server. They also demonstrated that their scheme is provably secure in a formal model. However, in this letter, we will show that Chien et al.’s protocol is vulnerable to the off-line password guessing attack. To overcome the weakness, we also propose an efficient countermeasure. Keywords-Password-based; Authenticated key exchange; Gateway; Off-line password guessing attack
منابع مشابه
Running Short Title: Provably Secure Gateway-Oriented Password-Based Authentication Long Title: Provably Secure Gateway-Oriented Password-Based Authenticated Key Exchange Protocol Resistant to Password Guessing Attacks
A Gateway-oriented Password-based Authenticated Key Exchange (GPAKE) scheme allows a client to establish an authenticated session key with a gateway via the help of an authentication server, where the client has pre-shared a password with the server. The desirable security properties of a GPAKE include session key semantic security, key privacy against servers, and password guessing attacks res...
متن کاملProvably Secure Gateway-Oriented Password-Based Authenticated Key Exchange Protocol Resistant to Password Guessing Attacks
A Gateway-oriented Password-based Authenticated Key Exchange (GPAKE) scheme allows a client to establish an authenticated session key with a gateway via the help of an authentication server, where the client has pre-shared a password with the server. The desirable security properties of a GPAKE include session key semantic security, key privacy against servers, and password guessing attacks res...
متن کاملAnalysis of Two Pairing - based Three - party Password
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party passwordbased authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof ...
متن کاملInstitutional Repository Analysis of two pairing - based three - party password
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party passwordbased authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof ...
متن کاملProvably Secure Gateway Threshold Password-Based Authenticated Key Exchange Secure against Undetectable On-Line Dictionary Attack
By using Password-based Authenticated Key Exchange (PAKE), a server can authenticate a user who has only the same password shared with the server in advance and establish a session key with the user simultaneously. However, in the real applications, we may have a situation where a user needs to share a session key with server A, but the authentication needs to be done by a different server B th...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2012 شماره
صفحات -
تاریخ انتشار 2012