Title :
An enhanced password authenticated key exchange protocol without server public keys
Author :
Saeed, Maryam ; Mackvandi, Ali ; Naddafiun, M. ; Karimnejad, Hamid Reza
Author_Institution :
Iran Univ. of Sci. & Technol., Tehran, Iran
Abstract :
Password Authenticated Key Exchange (PAKE) protocols permit two entities to generate a large common session key and authenticate each other based on a pre-shared human memorable password. In 2006, Strangio proposed the DH-BPAKE protocol and claimed that the mentioned protocol is provably secure against several attacks. In this paper, it is shown that the DH-BPAKE protocol is vulnerable to password compromise impersonation attack and it is not efficient due to the number of running steps and its computational load. To overcome these weaknesses, an enhanced PAKE protocol is proposed which provides several security properties. In addition, it is proved that our proposed scheme is more sefficient1 (Secure & Efficient) in comparison with DH-BPAKE protocol.
Keywords :
authorisation; cryptographic protocols; DH-BPAKE protocol; common session key generation; cryptographic protocol; impersonation attack; password authenticated key exchange protocol; preshared human memorable password; Authentication; Cryptography; Dictionaries; Protocols; Resilience; Servers; Cryptographic Protocols; DH-BPAKE protocol; Network Security; Password Authentication Key Exchange (PAKE); Security Analysis;
Conference_Titel :
ICT Convergence (ICTC), 2012 International Conference on
Conference_Location :
Jeju Island
Print_ISBN :
978-1-4673-4829-4
Electronic_ISBN :
978-1-4673-4827-0
DOI :
10.1109/ICTC.2012.6386785
