An Offline Dictionary Attack against a Three-Party Key Exchange Protocol
نویسندگان
چکیده
Despite all the research efforts made so far, the design of protocols for password-authenticated key exchange (PAKE) still remains a non-trivial task. One of the major challenges in designing such protocols is to protect low-entropy passwords from the notorious dictionary attacks. In this work, we revisit Abdalla and Pointcheval’s three-party PAKE protocol presented in Financial Cryptography 2005, and demonstrate that the protocol is vulnerable to an off-line dictionary attack whereby a malicious client can find out the passwords of other clients.
منابع مشابه
On the security of a password-only authenticated three-party key exchange protocol
This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702–1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an ...
متن کاملEfficient verifier-based password-authenticated key exchange in the three-party setting
In the last few years, researchers have extensively studied the password-authenticated key exchange (PAKE) in the three-party setting. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. Some verifier-based PAKE schemes in the three-party setting have been suggested ...
متن کاملEnhancements of a three-party password-based authenticated key exchange protocol
This paper discusses the security for a simple and efficient three-party password-based authenticated key exchange protocol proposed by Huang most recently. Our analysis shows her protocol is still vulnerable to three kinds of attacks: 1). undetectable on-line dictionary attacks, 2). key-compromise impersonation attack. Thereafter we propose an enhanced protocol that can defeat the attacks desc...
متن کاملWeakness of a three-party password-based authenticated key exchange protocol
To guarantee the quality of the growing popular communication services, quite recently, Huang presented a simple and efficient three-party password-based authenticated key exchange protocol in International Journal of Communications and Systems. In this letter, we first show her protocol is still vulnerable to a partition attack (offline dictionary attack), by which the adversary can easily det...
متن کاملCryptanalysis of Yang-Li-Liao’s Simple Three-Party Key Exchange (S-3PAKE) Protocol
Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity aut...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2013 شماره
صفحات -
تاریخ انتشار 2013