On the Security Analysis of Lee, Hwang & Lee (2004) and Song & Kim (2000) Key Exchange / Agreement Protocols
نویسنده
چکیده
We revisit the password-based group key exchange protocol due to Lee et al. (2004), which carries a claimed proof of security in the Bresson et al. model under the intractability of the Decisional Diffie–Hellman problem (DDH) and Computational Diffie–Hellman (CDH) problem. We reveal a previously unpublished flaw in the protocol and its proof, whereby we demonstrate that the protocol violates the definition of security in the model. To provide a better insight into the protocol and proof failures, we present a fixed protocol. We hope our analysis will enable similar mistakes to be avoided in the future. We also revisit protocol 4 of Song and Kim (2000), and reveal a previously unpublished flaw in the protocol (i.e., a reflection attack).
منابع مشابه
Formal analysis of Jan–Chen, Yang–Shen–Shieh, Kim–Huh–Hwang– Lee, Lin–Sun–Hwang, and Yeh–Sun protocols
Despite the importance of proofs in assuring protocol implementers about the security properties of key establishment protocols, many protocol designers fail to provide any proof of security. Flaws detected long after the publication and/or implementation of protocols will erode the credibility of key establishment protocols. We revisit recent work of Choo, Boyd, Hitchcock, Maitland where they ...
متن کاملThe importance of proofs of security for key establishment protocols: Formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols
Despite the importance of proofs in assuring protocol implementers about the security properties of key establishment protocols, many protocol designers fail to provide any proof of security. Flaws detected long after the publication and/or implementation of protocols will erode the credibility of key establishment protocols. We revisit recent work of Choo, Boyd, Hitchcock, & Maitland (2004) wh...
متن کاملCryptanalysis of Lee-Kim-Yoo password-based key agreement scheme
Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee s authenticated key agreement scheme, Appl. Math. Comput., in press] showed that Lee–Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729–733] is vulnerable to an off-line dictionary attack...
متن کاملOn the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys
Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susce...
متن کاملOff-line Password Guessing Attack on an Efficient Key Agreement Protocol for Secure Authentication
In 2004, Kim, Huh, Hwang and Lee proposed an efficient key agreement protocol for secure authentication. In this paper, we shall show that their proposed protocol cannot resist the off-line password guessing attack and therefore present a modified protocol to avoid this attack.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Informatica, Lith. Acad. Sci.
دوره 17 شماره
صفحات -
تاریخ انتشار 2006