Title :
An off-line dictionary attack on a simple three-party key exchange protocol
Author :
Nam, Junghyun ; Paik, Juryon ; Kang, Hyun-Kyu ; Kim, Ung Mo ; Won, Dongho
Author_Institution :
Dept. of Comput. Sci., Konkuk Univ., Chungju
fDate :
3/1/2009 12:00:00 AM
Abstract :
Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S-3PAKE.
Keywords :
cryptographic protocols; dictionaries; message authentication; public key cryptography; telecommunication channels; telecommunication security; S-3PAKE protocol; off-line dictionary attack; password security; password-authenticated key exchange; public network; secure communication channel; session key; three-party key exchange protocol; three-party setting; Authentication; Communication channels; Communication system security; Cryptography; Dictionaries; Information security; Large-scale systems; Peer to peer computing; Protection; Protocols; Key exchange protocol; dictionary attack; password; secure communication;
Journal_Title :
Communications Letters, IEEE
DOI :
10.1109/LCOMM.2009.081609
