Cryptanalysis of an efficient three-party password-based key exchange scheme
| Contribuinte(s) |
UNIVERSIDADE DE SÃO PAULO |
|---|---|
| Data(s) |
14/10/2013
14/10/2013
2012
|
| Resumo |
Three-party password-authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human-memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar-purpose solutions. In this paper, however, we show that the solution is vulnerable to key-compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes. Copyright (c) 2011 John Wiley & Sons, Ltd. |
| Identificador |
INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, HOBOKEN, v. 25, n. 11, supl. 1, Part 2, pp. 1443-1449, NOV, 2012 1074-5351 http://www.producao.usp.br/handle/BDPI/34324 10.1002/dac.1373 |
| Idioma(s) |
eng |
| Publicador |
WILEY-BLACKWELL HOBOKEN |
| Relação |
INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS |
| Direitos |
closedAccess Copyright WILEY-BLACKWELL |
| Palavras-Chave | #CRYPTANALYSIS #PASSWORD-AUTHENTICATED KEY EXCHANGE #THREE-PARTY #OFFLINE PASSWORD GUESSING #KEY-COMPROMISE IMPERSONATION #PROTOCOL #CRYPTOGRAPHY #ENGINEERING, ELECTRICAL & ELECTRONIC #TELECOMMUNICATIONS |
| Tipo |
article original article publishedVersion |
