An enhanced password authenticated key exchange protocol without server public keys

Author

Saeed, Maryam ; Mackvandi, Ali ; Naddafiun, M. ; Karimnejad, Hamid Reza

Author_Institution

Iran Univ. of Sci. & Technol., Tehran, Iran

fYear

2012

fDate

15-17 Oct. 2012

Firstpage

87

Lastpage

91

Abstract

Password Authenticated Key Exchange (PAKE) protocols permit two entities to generate a large common session key and authenticate each other based on a pre-shared human memorable password. In 2006, Strangio proposed the DH-BPAKE protocol and claimed that the mentioned protocol is provably secure against several attacks. In this paper, it is shown that the DH-BPAKE protocol is vulnerable to password compromise impersonation attack and it is not efficient due to the number of running steps and its computational load. To overcome these weaknesses, an enhanced PAKE protocol is proposed which provides several security properties. In addition, it is proved that our proposed scheme is more sefficient¹ (Secure & Efficient) in comparison with DH-BPAKE protocol.

Keywords

authorisation; cryptographic protocols; DH-BPAKE protocol; common session key generation; cryptographic protocol; impersonation attack; password authenticated key exchange protocol; preshared human memorable password; Authentication; Cryptography; Dictionaries; Protocols; Resilience; Servers; Cryptographic Protocols; DH-BPAKE protocol; Network Security; Password Authentication Key Exchange (PAKE); Security Analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

ICT Convergence (ICTC), 2012 International Conference on

Conference_Location

Jeju Island

Print_ISBN

978-1-4673-4829-4

Electronic_ISBN

978-1-4673-4827-0

Type

conf

DOI

10.1109/ICTC.2012.6386785

Filename

6386785