Journal: International Journal of Security and Its Applications
Print ISSN: 1738-9976
Year of publication: 2014
Volume: 8
Issue: 4
Pages: 151-160
DOI: 10.14257/ijsia.2014.8.4.14
Publisher: SERSC
Abstract: Protocols for password-based authenticated key exchange (PAKE) in the three-party setting must be designed to be secure against dictionary attacks even in the presence of a malicious insider. In this work, we revisit the three-party PAKE protocol proposed by Kim and Choi in 2009, and demonstrate that the protocol is vulnerable to an insider offline dictionary attack (which allows an adversary to impersonate a legitimate party and initiate transactions). We also show that due to the vulnerability, Kim and Choi's protocol is rendered insecure in the indistinguishability-based security model of Bellare, Pointcheval and Rogaway (2000). We propose an improved three-party PAKE protocol which is resistant to all classes of dictionary attacks, including insider offline dictionary attacks and undetectable online dictionary attacks.