A Security Analysis of Zhao and Gu's Key Exchange Protocol

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2012, 17(9), pp.91-101
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science

Junghyun Nam 1 Juryon Paik 2 Youngsook Lee 3 WON, DONGHO 2

1 Konkuk University
2 Sungkyunkwan University
3 Howon University

Accredited

ABSTRACT

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed to work when user authentication is done via the use of passwords. Passwords are easy for human beings to remember, but they have low entropy and are thus subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu’s protocol was claimed to be provably secure in a formal adversarial model which captures the notion of leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu’s protocol and thereby show that, contrary to the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu’s proof of security for the protocol is invalid.