Browse > Article
http://dx.doi.org/10.13089/JKIISC.2008.18.1.3

Vulnerability of Two Password-based Key Exchange and Authentication Protocols against Off-line Password-Guessing Attacks  

Shim, Kyung-Ah (Ewha Womans University)
Lee, Hyang-Sook (Ewha Womans University)
Lee, Ju-Hee (Ewha Womans University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.18, no.1, 2008 , pp. 3-10 More about this Journal
Abstract
Since a number of password-based protocols are using human memorable passwords they are vulnerable to several kinds of password guessing attacks. In this paper, we show that two password-based key exchange and authentication protocols are insecure against off-line password-guessing attacks.
Keywords
Password-Based authentication protocol; Off-line Password guessing attack;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 S. Bellovin and M. Meritt, Encrypted key exchange: password-based on protocols secure against dictionary attacks, IEEE Computer Society Conference on Research in Security and Privacy (1992), pp. 72-84
2 S. Bellovin and M. Meritt, Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password- file compromised, ACM Conf. on Computer and Communications Security, pp. 244-250, 1993
3 곽진, 오수현, 양형규, 원동호, Advanced Modification 공격에 안전한 패스워드 기반키 동의 프로토콜, 정보처리학회논문지C 제11-C권 제3호, pp. 277-286 , 2004
4 I. C. Lin, C. C. Chang and M. S. Hwang, Security enhancement for the simple authentication key agreement algorithm, 24th Annual International Computer Software and Application Conference, pp. 113-115, 2000
5 V. Boyko, P. MacKenzie and S. Patel, Provably secure password authenticated key exchange using Diffie-Hellman, Advanced in Cryptography-Eurocrypt'00, LNCS 1807, Springer- Verlag, New York(2000), pp. 156-171
6 신성철, 이성운, 동일 서버를 사용하는 두 사용자 간 효율적인 패스워드 기반의 키 교환 프로토콜, 한국정보보호학회논문지, 1598-3986, 제15권 6호, pp. 127-133 , 2005   과학기술학회마을
7 W. C. Ku and S. D. Wang. Cryptanaysis of modified authenticated key agreement protocol, Electronics Letters, Vol.36, NO.21, pp. 1770-1771, 2000   DOI   ScienceOn
8 권태경, 강명호, 송주석, 패스워드 기반 시스템을 위한 효율적이고 안전한 인증 프로토콜의 설계 및 검증, 통신정보보호학회논문지 제 7권 제2호, pp. 27-42, 1997
9 H. Sun, B. Chen, and T. Hwang, Secure key agreement protocols for three-party against guessing attacks, The Journal of Systems and Software. Vol.75, NO.1-2, pp. 63-68, 2005   DOI   ScienceOn
10 M. Bellare, D. Pointcheval and P. Rogaway, Authenticated Key Exchange secure against Dictionary Attacks, Advanced in Cryptography-Eurocrypt'00, LNCS 1807, Springer-Verlag, New York(2000), pp. 139-155