http://dx.doi.org/10.9708/jksci.2011.16.2.173

Secure Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks  

Yang, Hyung-Kyu (Dept. of Computer & Media-Information Engineering)
Abstract
User authentication and key exchange protocols are the most important cryptographic applications. For user authentication, most protocols are based on the users' secret passwords. However, protocols based on users' secret passwords are vulnerable to password guessing attacks. In 1992, Bellovin and Merritt proposed the EKE (Encrypted Key Exchange) protocol for user authentication and key exchange, which is secure against password guessing attacks. Since then, many enhanced and secure EKE protocols have been proposed. In 2006, Lo pointed out that Yeh et al.'s password-based authenticated key exchange protocol has a security weakness and proposed an improved protocol. However, Cao and Lin showed that Lo's protocol is also vulnerable to an off-line password guessing attack. In this paper, we show that Lo's protocol is vulnerable to an on-line password guessing attack using a new attack method, and propose an improved password authenticated key exchange protocol for imbalanced wireless networks that is secure against password guessing attacks.
Keywords
Password; Authenticated Key Exchange; Wireless Network; Password Guessing Attack;
Citations & Related Records
Times Cited By KSCI: 3
1 T. Cao and D. Lin, "Cryptanalysis of Two Password Authenticated Key Exchange Protocols Based on RSA," IEEE Communications Letters, Vol. 10, No. 8, pp. 623-625, Aug. 2006.
2 Jeon, Jeong-Hoon, "An advanced key distribution mechanism and security protocol to reduce a load of the key management system," Journal of The Korea Society of Computer and Information, Vol. 11, No. 6, pp. 35-47, Dec. 2006.
3 S.M. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-based Protocols Secure Against Dictionary Attacks," IEEE Computer Society Conference on Research in Security and Privacy, pp. 72-84, 1992.
4 Kim, Hoi-Bok, Shin, Jung-Hoon, and Kim, Hyoung-Jin, "Journal of the Korea Society of Computer and Information," Journal of The Korea Society of Computer and Information, Vol. 14, No. 6, pp. 51-57, June 2009.
5 J.W. Lo, "The Improvement of YSYCT Scheme for Imbalanced Wireless Network," International J. of Network Security, Vol. 3, No. 1, pp. 39-43, Jul. 2006.
6 F. Zhu, D.S. Wong, A.H. Chan, and R. Ye, "Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks," Information Security Conference 2002(ISC 2002), LNCS 2433, pp. 150-161, 2002.
7 H.T. Yeh, H.M. Sun, C.T. Yang, B.C. Chen, and S.M. Tseng, "Improvement of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks," IEICE Trans. on Communications, Vol. E86-B, No. 11, pp. 3278-3282, Nov. 2003.
8 C.C. Yang and R.C. Wang, "Cryptanalysis of Improvement of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks," IEICE Trans. on Communications, Vol. E88-B, No. 11, pp. 4370-4372, Nov. 2005.
9 Y. Ding and P. Horster, "Undetectable On-line Password Guessing Attacks," ACM Operating Systems Review, Vol. 29, pp. 77-86, 1995.
10 T. Wu, "The secure remote password protocol," Proc. of the 1998 Internet Society Network and Distributed System Security Symposium, pp. 97-111, 1998.
11 Chae, Kang-Suk, and Jung, Sou-Hwan, "SRTP Key Exchange Scheme Using Split Transfer of Divided RSA Public Key," Journal of The Korea Society of Computer and Information, Vol. 14, No. 12, pp. 147-156, Dec. 2009.
12 M. Bellare, D. Pointcheval and P. Rogaway, "Authenticated Key Exchange Secure Against Dictionary Attacks," Eurocrypt 2000, LNCS 1807, pp. 139-155, 2000.
13 V. Boyko, P. MacKenzie and S. Patel, "Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman," Eurocrypt 2000, LNCS 1807, pp. 156-171, 2000.
14 E. Bresson, O. Chevassut and D. Pointcheval, "Group Diffie-Hellman Key Exchange Secure Against Dictionary Attacks," Asiacrypt 2002, LNCS 2501, pp. 603-610, 2002.
15 L. Lamport, "Password authentication with insecure communication," Communications of the ACM, 24(11), pp. 770-772, 1981.
16 D.S. Wong, A.H. Chan, and F. Zhu, "More Efficient Password Authenticated Key Exchange Based on RSA," Indocrypt 2003, LNCS 2904, pp. 375-387, 2003.