Off-Line Dictionary Attack on Password-Based Authenticated Key Exchange Protocols
In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw.
key exchange password off-line dictionary attack provable security
XU Chungen YANG Yanjiong
Department of Applied Mathematics,Nanjing University of Science and Technology,Nanjing 210094,Jiangs Zijin College,Nanjing University of Science and Technology,Nanjing 210046,Jiangsu,China
国内会议
福州
英文
468-472
2012-10-27(万方平台首次上网日期,不代表论文的发表时间)