Title :
Security Weaknesses in Chang and Wu´s Key Agreement Protocol for a Multi-Server Environment
Author :
Lee, Youngsook ; Won, Dongho
Author_Institution :
Sch. of Inf. & Commun. Eng., Sungkyunkwan Univ., Suwon
Abstract :
Recently, Chang and Wu have proposed an efficient key agrement protocol suited for a multi-server environment. This work reviews Chang and Wu´s protocol and provides a security analysis on the protocol. Our analysis shows that Chang and Wu´s protocol does not achieve its fundamental goal not only of password security but also of mutual authentication. We demonstrate these security flaws by mounting an off-line password guessing attack and two impersonation attacks, the sever impersonation attack and the user impersonation attack on Chang and Wu´s protocol. In addition, we found that the protocol is vulnerable to an attack against perfect forward secrecy.
Keywords :
authorisation; cryptography; protocols; impersonation attacks; key agreement protocol; multiserver environment; mutual authentication; offline password guessing attack; password security; perfect forward secrecy; security analysis; security weaknesses; Authentication; Costs; Cryptographic protocols; File servers; Humans; Information security; Network servers; Public key; Public key cryptography; Smart cards; key exchange protocol; mutual authentication; off-line password guessing attack; perfect forward secrecy; smart card;
Conference_Titel :
e-Business Engineering, 2008. ICEBE '08. IEEE International Conference on
Conference_Location :
Xi´an
Print_ISBN :
978-0-7695-3395-7
DOI :
10.1109/ICEBE.2008.56
