论文信息 - Security Analysis of Two Password-Authenticated Multi-Key Exchange Protocols

Security Analysis of Two Password-Authenticated Multi-Key Exchange Protocols

Mobile communications (e.g., emails, Snapchat and Facebook) over a wireless connection is a norm in our Internet-connected society. Ensuring the security of communications between devices is an ongoing challenge. A number of authenticated key exchange (AKE) protocols have been proposed to verify the authenticity of a user and the integrity of messages sent over an insecure wireless communication channel. Recently, Tsai et al. proposed two AKE protocols designed for wireless network systems. In this paper, we demonstrate that their protocols are vulnerable to off-line password guessing attacks through presenting concrete attacks, contrary to their claims.

Li Li | Kim-Kwang Raymond Choo | Debiao He | Min Luo | Xiaotong Zhou

[1] Zhenfu Cao,et al. Simple three-party key exchange protocol , 2007, Comput. Secur..

[2] Zhoujun Li,et al. Cryptanalysis of simple three-party key exchange protocol , 2008, Comput. Secur..

[3] David Pointcheval,et al. Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[4] Kun-Lin Tsai,et al. TTP Based High-Efficient Multi-Key Exchange Protocol , 2016, IEEE Access.

[5] Wei-Chi Ku,et al. Three weaknesses in a simple three-party key exchange protocol , 2008, Inf. Sci..

[6] W. Marsden. I and J , 2012 .

[7] Kevin Barraclough,et al. I and i , 2001, BMJ : British Medical Journal.

[8] Wei-Pang Yang,et al. A communication-efficient three-party password authenticated key exchange protocol , 2011, Inf. Sci..

[9] Zhengping,et al. Password-Authenticated Multiple Key Exchange Protocol for Mobile Applications , 2012 .

[10] Eun-Jun Yoon,et al. Cryptanalysis of a simple three-party password-based key exchange protocol , 2011, Int. J. Commun. Syst..

[11] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.