Title :
An Improved Password-Based Authenticated Key Agreement Scheme for Pervasive Applications
Author :
Tsaur, M.-J. ; Wei-Chi Ku ; Hao-Rung Chung
Author_Institution :
Grad. Inst. of Appl. Sci. & Eng., Fu Jen Catholic Univ., Taipei
Abstract :
Password authentication is a popular approach used for user authentication in pervasive computing environments due to its simplicity and convenience. To secure the transmission between the communicants, an authenticated shared key should be established between the communicants as the encryption key or the MAC key. Recently, Chang, Yang, and Hwang presented a password-based authenticated key agreement scheme that was claimed to be superior to similar schemes with respect to security and efficiency. In this paper, we show that their scheme is vulnerable to a denial-of-service attack. In addition, we demonstrate that their protected password change mechanism fails to provide backward secrecy. Finally, we propose an improved password-based authenticated key agreement scheme that can resist our described denial-of-service attack and can provide backward secrecy.
Keywords :
cryptography; message authentication; ubiquitous computing; denial-of-service attack; encryption key; message authentication code key; password-based authenticated key agreement scheme; pervasive computing; user authentication; Application software; Authentication; Computer crime; Cryptography; Electronic mail; Pervasive computing; Protection; Resists; Sun; Ubiquitous computing; authentication; backward secrecy; key agreement; password;
Conference_Titel :
Embedded and Ubiquitous Computing, 2008. EUC '08. IEEE/IFIP International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3492-3
DOI :
10.1109/EUC.2008.17
