An Enhanced Password Authenticated Key Exchange Protocol without Server Public Keys
Password Authenticated Key Exchange (PAKE) protocols permit two entities to generate a large common session key and authenticate each other based on a pre-shared human memorable password. In 2006, Strangio proposed the DH-BPAKE protocol and claimed that the mentioned protocol is provably secure against several attacks. In this paper, it is shown that the DH-BPAKE protocol is vulnerable to password compromise impersonation attack and it is not efficient due to the number of running steps and its computational load. To overcome these weaknesses, an enhanced PAKE protocol is proposed which provides several security properties. In addition, it is proved that our proposed scheme is more sefficient1 (Secure & Efficient) in comparison with DH-BPAKE protocol.
Network Security Password Authentication Key Exchange (PAKE) Security Analysis Cryptographic Protocols DH-BPAKE protocol
Maryam Saeed Hadi Shahriar Shahhoseini
Iran University of Science and Technology Tehran, Iran
国际会议
海口
英文
421-425
2011-02-22(万方平台首次上网日期,不代表论文的发表时间)