An Improved Dynamic Password based Group Key Agreement against Dictionary Attack

Key exchange protocols are fundamental for establishing secure communication channels over public networks. Password-based key exchange protocols allow parties to share a secret key in an authenticated manner based on an easily memorizable password. Recently, a password-based group key agreement protocol based on Joux’s tripartite key agreement was proposed to improve performance when users join or leave the group. In this paper, we mount an online dictionary attack on this protocol to show that this kind of modification cannot achieve the basic security of password-based group key agreement. With this method, an adversary can test several passwords in one session, which greatly reduces the key space for potential adversaries. To fill this gap, we propose an improved protocol that avoids this attack. Finally, we prove the security of our protocol in the random oracle and ideal cipher models.
