http://dx.doi.org/10.9708/jksci/2012.17.9.091

A Security Analysis of Zhao and Gu's Key Exchange Protocol

Nam, Jung-Hyun (Dept. of Computer Engineering, Konkuk University)
Paik, Ju-Ryon (Dept. of Computer Engineering, Sungkyunkwan University)
Lee, Young-Sook (Dept. of Cyber Investigation Police, Howon University)
Won, Dong-Ho (Dept. of Computer Engineering, Sungkyunkwan University)
Abstract
Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed for settings in which users authenticate themselves with passwords. Passwords are easy for human beings to remember, but they have low entropy and are therefore subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange, and claimed it to be provably secure in a formal adversarial model that captures leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that, contrary to the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu's proof of security for the protocol is invalid.
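The adversarial model the abstract refers to, as an added illustration that is not code from the paper and not Zhao and Gu's protocol (which this page does not describe): a Python toy in which the adversary reveals the ephemeral secret of a completed session and replays that session's first message into a fresh session with the other party. The first protocol keys off the bare ephemeral exponent and falls to the replay even though its transcript carries fresh values; the second binds the exponent to the long-term key (the NAXOS-style x = H(esk, lsk)) and mixes static-ephemeral DH terms into the key, so the same leak no longer yields the key. Long-term public keys stand in for passwords, and the group parameters, party names and hash layout are assumptions of the example.

```python
"""Replay under ephemeral-secret leakage: a toy Diffie-Hellman demonstration.

Added example. This is NOT Zhao and Gu's protocol (the page does not describe
it) and NOT the attack of Nam et al.; it only shows what the adversarial model
named in the abstract lets the attacker do, and why keying off the bare
ephemeral exponent loses to it. Long-term public keys stand in for passwords.
"""
import hashlib
import secrets

# Toy group: the prime 2^255 - 19 used as a plain DH modulus with generator 2.
# An assumption of the example, chosen to stay short and offline; real code
# uses a standard finite-field group or an elliptic curve.
P = 2**255 - 19
G = 2
IDS = b"A|B"                      # identities bound into every key


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so (a, b) and (a||b) never collide."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def rand_exp() -> int:
    return secrets.randbelow(P - 2) + 1            # uniform in [1, P-2]


def h2exp(*parts: bytes) -> int:
    return int.from_bytes(H(*parts), "big") % (P - 2) + 1


# Protocol 1 (naive): key = H(transcript, g^xy). The transcript carries fresh
# values, but the only secret in the derivation is the ephemeral exponent.
def naive_key(my_x: int, peer_X: int, transcript: bytes) -> bytes:
    return H(b"naive", transcript, i2b(pow(peer_X, my_x, P)))


# Protocol 2 (hardened, NAXOS-style): x = H(esk, lsk), and the key mixes the
# static-ephemeral terms g^ay and g^bx with g^xy. A leaked esk alone gives
# neither x nor any of the three DH terms.
def hard_exp(esk: bytes, lsk: int) -> int:
    return h2exp(b"exp", esk, i2b(lsk))

def hard_key_initiator(a: int, x: int, X: int, Y: int, B_pk: int) -> bytes:
    return H(b"hard", IDS, i2b(X), i2b(Y),
             i2b(pow(Y, a, P)), i2b(pow(B_pk, x, P)), i2b(pow(Y, x, P)))

def hard_key_responder(b: int, y: int, X: int, Y: int, A_pk: int) -> bytes:
    return H(b"hard", IDS, i2b(X), i2b(Y),
             i2b(pow(A_pk, y, P)), i2b(pow(X, b, P)), i2b(pow(X, y, P)))


def replay_against_naive() -> bool:
    """Session 1 runs honestly. The adversary reveals A's ephemeral x1, then
    replays X1 to B in a fresh session 2 and recomputes B's new key."""
    x1, y1 = rand_exp(), rand_exp()
    X1, Y1 = pow(G, x1, P), pow(G, y1, P)
    t1 = H(IDS, i2b(X1), i2b(Y1))
    assert naive_key(x1, Y1, t1) == naive_key(y1, X1, t1)    # honest run agrees
    leaked_x1 = x1                                          # ephemeral reveal
    y2 = rand_exp()                                         # B's fresh session
    Y2 = pow(G, y2, P)
    t2 = H(IDS, i2b(X1), i2b(Y2))                           # X1 replayed, Y2 new
    return naive_key(leaked_x1, Y2, t2) == naive_key(y2, X1, t2)


def replay_against_hardened(leak_long_term: bool = False) -> bool:
    """The same replay against protocol 2. With only esk1 the adversary cannot
    form x1 = H(esk1, a) or g^ay; it wins only if A's long-term key leaks too,
    which is outside the ephemeral-leakage model."""
    a, b = rand_exp(), rand_exp()
    A_pk, B_pk = pow(G, a, P), pow(G, b, P)
    esk1 = secrets.token_bytes(32)
    x1 = hard_exp(esk1, a)
    X1 = pow(G, x1, P)
    y1 = hard_exp(secrets.token_bytes(32), b)
    Y1 = pow(G, y1, P)
    assert hard_key_initiator(a, x1, X1, Y1, B_pk) == hard_key_responder(b, y1, X1, Y1, A_pk)
    y2 = hard_exp(secrets.token_bytes(32), b)               # B's fresh session
    Y2 = pow(G, y2, P)
    k_b2 = hard_key_responder(b, y2, X1, Y2, A_pk)           # X1 replayed
    # The adversary holds esk1, X1, Y2, A_pk, B_pk. Every further step needs a;
    # without that leak it can only guess, and a wrong a derails both x and g^ay.
    a_known = a if leak_long_term else rand_exp()
    while not leak_long_term and a_known == a:
        a_known = rand_exp()
    x_adv = hard_exp(esk1, a_known)
    k_adv = hard_key_initiator(a_known, x_adv, X1, Y2, B_pk)
    return k_adv == k_b2
```

Running `replay_against_naive()` returns True: the replayed X1 plus the revealed x1 let the adversary compute B's brand-new key, fresh Y2 and transcript binding notwithstanding. `replay_against_hardened()` returns False because every DH term B folds into the key needs either a or b, and `replay_against_hardened(True)` returns True, marking the boundary of the model: ephemeral leakage is survivable, ephemeral plus long-term leakage of the same party is not.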
Keywords
Security; Key exchange protocol; Password; Attack
References
1 M. Abdalla, P. Fouque, and D. Pointcheval, "Password-based authenticated key exchange in the three-party setting," in Proceedings of PKC'05, LNCS vol. 3386, pp. 65-84, 2005.
2 R. Lu and Z. Cao, "Simple three-party key exchange protocol," Computers & Security, vol. 26, no. 1, pp. 94-97, 2007.
3 K. Yoneyama, "Efficient and strongly secure password-based server aided key exchange," in Proceedings of Indocrypt'08, LNCS vol. 5365, pp. 172-184, 2008.
4 J. Steiner, C. Neuman, and J. Schiller, "Kerberos: an authentication service for open network systems," in Proceedings of 1988 USENIX Winter Conference, pp. 191-202, 1988.
5 M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated key exchange secure against dictionary attacks," in Proceedings of Eurocrypt'00, LNCS vol. 1807, pp. 139-155, 2000.
6 V. Boyko, P. MacKenzie, and S. Patel, "Provably secure password-authenticated key exchange using Diffie-Hellman," in Proceedings of Eurocrypt'00, LNCS vol. 1807, pp. 156-171, 2000.
7 M. Zhang, "New approaches to password authenticated key exchange based on RSA," in Proceedings of Asiacrypt'04, LNCS vol. 3329, pp. 230-244, 2004.
8 M. Abdalla and D. Pointcheval, "Simple password-based encrypted key exchange protocols," in Proceedings of CT-RSA'05, LNCS vol. 3376, pp. 191-208, 2005.
9 J. Katz, R. Ostrovsky, and M. Yung, "Efficient and secure authenticated key exchange using weak passwords," Journal of the ACM, vol. 57, no. 1, pp. 78-116, 2009.
10 J. Katz and V. Vaikuntanathan, "Round-optimal password-based authenticated key exchange," in Proceedings of TCC'11, LNCS vol. 6597, pp. 293-310, 2011.
11 M. Steiner, G. Tsudik, and M. Waidner, "Refinement and extension of encrypted key exchange," ACM SIGOPS Operating Systems Review, vol. 29, no. 3, pp. 22-30, 1995.
12 C. Lin, H. Sun, and T. Hwang, "Three-party encrypted key exchange: attacks and a solution," ACM SIGOPS Operating Systems Review, vol. 34, no. 4, pp. 12-20, 2000.
13 R. Canetti and H. Krawczyk, "Analysis of key-exchange protocols and their use for building secure channels," in Proceedings of Eurocrypt'01, LNCS vol. 2045, pp. 453-474, 2001.
14 J. Zhao and D. Gu, "Provably secure three-party password-based authenticated key exchange protocol," Information Sciences, vol. 184, no. 1, pp. 310-323, 2012.
15 D. Cash, E. Kiltz, and V. Shoup, "The twin Diffie-Hellman problem and applications," in Proceedings of Eurocrypt'08, LNCS vol. 4965, pp. 127-145, 2008.
16 M. Bellare and P. Rogaway, "Random oracles are practical: A paradigm for designing efficient protocols," in Proceedings of 1st ACM Conference on Computer and Communications Security, pp. 62-73, 1993.
17 J. Nam, J. Paik, U. Kim, and D. Won, "Resource-aware protocols for authenticated group key exchange in integrated wired and wireless networks," Information Sciences, vol. 177, no. 23, pp. 5441-5467, 2007.
18 K. Choo, C. Boyd, Y. Hitchcock, and G. Maitland, "On session identifiers in provably secure protocols," in Proceedings of 4th Conference on Security in Communication Networks, LNCS vol. 3352, pp. 351-366, 2005.
19 S. Bellovin and M. Merritt, "Encrypted key exchange: password-based protocols secure against dictionary attacks," in Proceedings of IEEE Symposium on Research in Security and Privacy, pp. 72-84, 1992.