International Association for Cryptologic Research

CryptoDB

Cryptanalysis and Improvement of a New Gateway-Oriented Password-Based Authenticated Key Exchange Protocol

Authors:
FuShan Wei
QingFeng Cheng
ChuanGui Ma
Download:
URL: http://eprint.iacr.org/2010/052
Abstract: Abdalla et al. proposed the first gateway-oriented password-based authenticated key exchange (GPAKE) protocol. The security goal of GPAKE is to securely establish a session key between the client and the gateway with the help of the authentication server without revealing any information about the password to the gateway. However, Byun et al. showed that the original GPAKE protocol was susceptible to an undetectable on-line dictionary attack by a malicious gateway. Recently, Abdalla et al. presented a new variant of the original GPAKE protocol to resist Byun et al.'s attack. In this letter, we show that the new GPAKE protocol is still vulnerable to another simple but powerful undetectable on-line dictionary attack. We then make a suggestion for improvement.
BibTeX
@misc{eprint-2010-22953,
  title={Cryptanalysis and Improvement of a New Gateway-Oriented Password-Based Authenticated Key Exchange Protocol},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / authenticated key exchange, password, undetectable on-line dictionary attack},
  url={http://eprint.iacr.org/2010/052},
  note={ weifs831020@163.com 14642 received 31 Jan 2010, withdrawn 2 Feb 2010},
  author={FuShan Wei and QingFeng Cheng and ChuanGui Ma},
  year=2010
}