Security Weaknesses in Chang and Wus Key Agreement Protocol for a Multi-Server Environment
Recently, Chang and Wu have proposed an efficient key agrement protocol suited for a multi-server environment. This work reviews Chang and Wus protocol and provides a security analysis on the protocol. Our analysis shows that Chang and Wus protocol does not achieve its fundamental goal not only of password security but also of mutual authentication. We demonstrate these security flaws by mounting an off-line password guessing attack and two impersonation attacks, the sever impersonation attack and the user impersonation attack on Chang and Wus protocol. In addition, we found that the protocol is vulnerable to an attack against perfect forward secrecy.
Youngsook Lee Dongho Won
School of Information and Communication Engineering Sungkyunkwan University 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, 440-746, Korea
国际会议
AiR08,EM2108,SOAIC08,SIOKM08,BIMA08,DKEEE08(2008IEEE国际电子商务工程学术会议)
西安
英文
308-314
2008-10-22(万方平台首次上网日期,不代表论文的发表时间)