http://dx.doi.org/10.13089/JKIISC.2003.13.4.161

Remark on the Security of Password Schemes  

이희정 (Kangnam University, Applied Mathematics)
Abstract
We discuss the security of two famous password-authenticated key exchange protocols, EKE2 and PAK. We introduce the "insider-assisted attack". Based on this assumption, we point out weaknesses in the security of the EKE2 and PAK protocols. More precisely, when a legitimate user wants to find another user's password (we call this user an "insider-assisted attacker"), the attacker can find out many ephemeral secrets of the server; then, after monitoring another legitimate user online and snatching some messages, he can guess a valid password of that user using the previously obtained information. Of course, this kind of attack is subject to some constraints. Here we present a full description of the attack and point out that, in the formal model, one should be very careful in describing the adversary's behavior.
Keywords
subgroup confinement; password; authenticated key exchange; LCG;