An off-line dictionary attack on a simple three-party key exchange protocol

An off-line dictionary attack on a simple three-party key exchange protocol

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of set...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE communications letters 2009-03, Vol.13 (3), p.205-207
Hauptverfasser: Junghyun Nam, Junghyun Nam, Juryon Paik, Juryon Paik, Hyun-kyu Kang, Hyun-kyu Kang, Ung Kim, Ung Kim, Dongho Won, Dongho Won
Format: Artikel
Sprache:eng
Schlagworte:
Applied sciences
Authentication
Channels
Communicating
Communication channels
Communication system security
Cryptography
Dictionaries
dictionary attack
Exact sciences and technology
Information security
Information, signal and communications theory
Key exchange protocol
Large-scale systems
Networks
password
Passwords
Peer to peer computing
Protection
Protocols
Secret
secure communication
Security
Signal and communications theory
Systems, networks and services of telecommunications
Telecommunications
Telecommunications and information theory
Transmission and modulation (techniques and equipments)
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S-3PAKE.
ISSN:1089-7798
1558-2558
DOI:10.1109/LCOMM.2009.081609