论文信息 - Security Analysis of a Password Authenticated Key Exchange Protocol

Security Analysis of a Password Authenticated Key Exchange Protocol

A password authenticated key exchange (PAKE) protocol allows two parties who share a memorable password to obtain a common shared cryptographic key. The central security requirement to such a protocol is that the password should not be subject to (offline) dictionary attack. Following the EKE proposed by Bellovin and Merritt in 1992 [1], many PAKE protocols have been proposed. In this paper we give a security analysis to an RSA-based PAKE protocol proposed in ISC’02 [12]. Our analysis shows that the protocol is subject to dictionary attack when the length of the ID of the second party is small; and therefore the security of the protocol is not related to the security parameters such as the size of the RSA modulo n or the length of the hash function. This violates the security definition of PAKE protocols. Previously well-designed PAKE protocols do not have this security flaw.

Feng Bao | F. Bao

[1] Mihir Bellare,et al. Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[2] Rafail Ostrovsky,et al. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.

[3] Thomas D. Wu. The Secure Remote Password Protocol , 1998, NDSS.

[4] Sarvar Patel,et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[5] Feng Zhu,et al. Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks , 2002, ISC.

[6] Steven M. Bellovin,et al. Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[7] Victor Shoup,et al. On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[8] Stefan Lucks,et al. Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys , 1997, Security Protocols Workshop.

[9] Taekyoung Kwon,et al. Ultimate solution to authentication via memorable password , 2000 .

[10] Jerome H. Saltzer,et al. Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[11] David P. Jablon. Strong password-only authenticated key exchange , 1996, CCRV.