Title :
Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol
Author :
Byun, Jin Wook ; Lee, Dong Hoon ; Lim, Jong In
Author_Institution :
Graduate Sch. of Inf. Security, Korea Univ., Seoul
Abstract :
Recently, Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. In the letter, we show that a malicious gateway of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack. We also present a countermeasure against the attack
Keywords :
client-server systems; cryptography; message authentication; protocols; telecommunication security; GPAKE; attack. countermeasure; gateway-oriented password-based authenticated key exchange protocol; on-line password guessing attack; security analysis; Cryptography; Dictionaries; Information security; Message authentication; Natural languages; Performance gain; Protocols;
Journal_Title :
Communications Letters, IEEE
DOI :
10.1109/LCOMM.2006.1714545
