An Enhanced Password-based Group Key Agreement Protocol with Constant Rounds

In PKC 2006, Abdalla et al. proposed a password-based group key exchange protocol with a constant number of rounds and proved that the protocol resists offline dictionary attacks in the random-oracle and ideal-cipher models. They then posed an open problem: whether an adversary can test more than one password in the same session using an online dictionary attack. To address this question, they presented an online dictionary attack against their own protocol and concluded that this attack does not work against it. In this paper, building on Abdalla et al.'s attack, we propose a modified attack and apply it to their protocol. The result shows that, under the same assumptions, our attack can test more than one password in a single session. We analyze the cause of this weakness and develop a countermeasure to fix it. Finally, we present a security analysis of the enhanced protocol in the random-oracle and ideal-cipher models.