A Security Analysis of Zhao and Gu&#039;s Key Exchange Protocol (Zhao와 Gu가 제안한 키 교환 프로토콜의 안전성 분석)

남정현; Juryon Paik (백주련); Youngsook Lee (이영숙); WON, DONGHO (원동호)

A Security Analysis of Zhao and Gu's Key Exchange Protocol

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2012, 17(9), pp.91-101
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

남정현 ¹, Juryon Paik ², Youngsook Lee ³, WON, DONGHO ²

¹건국대학교
²성균관대학교
³호원대학교

Accredited

ABSTRACT

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed to work when user authentication is done via the use of passwords. But, passwords are easy for human beings to remember, but are low entropy and thus are subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu’s protocol was claimed to be provably secure in a formal adversarial model which captures the notion of leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu’s protocol and thereby show that unlike the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu’s proof of security for the protocol is invalid.

KEYWORDS

Security, Key exchange protocol, Password, Attack

Citation status

* References for papers published after 2023 are currently being built.

[confproc] S. Bellovin / 1992 / Encrypted key exchange : password-based protocols secure against dictionary attacks / Proceedings of IEEE Symposium on Research in Security and Privacy : 72~84

[confproc] M. Bellare / 2000 / Authenticated key exchange secure against dictionary attacks / Proceedings of Eurocrypt’ 00 1807 : 139~155

[confproc] V. Boyko / 2000 / Provably secure password-authenticated key exchange using Diffie-Hellman / Proceedings of Eurocrypt’ 00 1807 : 156~171

[confproc] M. Zhang / 2004 / New approaches to password authenticated key exchange based on RSA / Proceedings of Asiacrypt’04 3329 : 230~244

[confproc] M. Abdalla / 2005 / Simple passwordbased encrypted key exchange protocols / Proceedings of CT-RSA’05 3376 : 191~208

[journal] J. Katz / 2009 / Efficient and secure authenticated key exchange using weak passwords / Journal of the ACM 57(1) : 78~116

[confproc] J. Katz / 2011 / Round-optimal password-based authenticated key exchange / Proceedings of TCC’11 6597 : 293~310

[journal] M. Steiner / 1995 / Refinement and extension of encrypted keyexchange / ACM SIGOPS Operating SystemsReview 29(3) : 22~30

[journal] C. Lin / 2000 / Three-party encrypted key exchange : attacks and a solution / ACM SIGOPS Operating Systems Review 34(4) : 12~20

[confproc] M. Abdalla / 2005 / Password-based authenticated key exchange inthe three-party setting / Proceedings ofPKC’05 3386 : 65~84

[journal] R. Lu / 2007 / Simple three-party key exchange protocol / Computers & Security 26(1) : 94~97

[confproc] K. Yoneyama / 2008 / Efficient and strongly secure password-based server aided key exchange / Proceedings of Indocrypt’08 5365 : 172~184

[confproc] J. Steiner / 1998 / Kerberos: an authentication service for opennetwork systems / Proceedings of 1998USENIX Winter Conference : 191~202

[journal] J. Zhao / 2012 / Provably secure three-party password-based authenticated key exchange protocol / Information Sciences 184(1) : 310~323

[confproc] D. Cash / 2008 / The twin Diffie-Hellman problem and applications / Proceedings of Eurocrypt’08 4965 : 127~145

[confproc] M. Bellare / 1993 / Random oracles are practical : A paradigm for designing efficient protocols / Proceedings of 1st ACM Conference on Computer and Communications Security : 62~73

[confproc] R. Canetti / 2001 / Analysis of key-exchange protocols and their use for building secure channels / Proceedings of Eurocrypt’01 2045 : 453~474

[journal] 남정현 / 200712 / Resource-aware protocols for authenticated group key exchange in integrated wired and wireless networks / INFORMATION SCIENCES / ELSEVIER SCIENCE INC 177(23) : 5441~5467

[confproc] K. Choo / 2005 / On session identifiers in provably secure protocols / Proceedings of 4th Conference on Security in Communication Networks 3352 : 351~366

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

A Security Analysis of Zhao and Gu's Key Exchange Protocol

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

A Security Analysis of Zhao and Gu's Key Exchange Protocol

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (19) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.