A Study on the Generalized Key Agreement and Password Authentication Protocol
Taekyoung KWON†, Nonmember and Jooseok SONG††, Regular Member
SUMMARY
We study how to generalize a key agreement and password authentication protocol on the basis of well-known hard problems such as the discrete logarithm problem and the Diffie-Hellman problem. A key agreement and password authentication protocol is necessary in networked or internetworked environments to provide knowledge-based user authentication and to establish a new cryptographic key for the subsequent secure session. In this paper, a generalized protocol means one that requires only weak constraints and can be generalized easily to any other cyclic group that preserves the two hard problems.
The low entropy of passwords has made it difficult to design such a protocol and to prove its security soundness. In this paper, we devise a protocol that is easy to generalize and show its security soundness in the random oracle model. The proposed protocol drastically reduces the constraints, to only avoiding a smooth prime modulus. Our main contribution is in solving the password’s low entropy problem in the multiplicative group for the generalization.
key words: security, key agreement, password authentication, discrete logarithm problem
Security Analysis of the Generalized Key Agreement and Password Authentication Protocol
Her-Tyan Yeh, Hung-Min Sun, and Tzonelih Hwang, Member, IEEE
Abstract
In this letter, we show that the enhanced version of the generalized key agreement and password authentication protocol, proposed by Kwon and Song, is insecure against the off-line password guessing attacks.
Index Terms—Authentication, cryptography, key agreement, password.
I. INTRODUCTION
Entity authentication is one of the most important security services. It is necessary to verify the identities of the communicating parties when they start a connection. This service is usually provided in combination with a key generation scheme between the parties. In 1992, Bellovin and Merritt [1] presented the well-known Encrypted Key Exchange protocol (EKE for short), with which two parties can authenticate each other and generate a session key via a password shared in advance. In general, people tend to choose easy-to-remember passwords (referred to as “weak passwords”), which are vulnerable to password guessing attacks (referred to as “dictionary attacks”) if some verifiable information for the password is provided. EKE can resist off-line password guessing attacks because it gives insufficient information to verify a guessed password (note that, naturally, the on-line password guessing attack cannot be defeated by means of the protocols themselves). Since then, a number of key agreement and password authentication protocols have been proposed [2]–[10] to defeat off-line password guessing attacks. Recently, following the EKE protocol, Kwon and Song [11] proposed a password-based authentication and key agreement protocol against off-line password guessing attacks. Here, we call it the fundamental protocol. In order to reduce the transmission steps, they also proposed an enhanced version based on the fundamental protocol. In this letter, we point out that the enhanced version is insecure against off-line password guessing attacks. The remainder of this paper is organized as follows. In Section II, we review the Kwon-Song protocols. In Section III, we point out that the enhanced version is insecure against the off-line password guessing attack. Finally, Section IV gives our conclusions.
Reflection Attack on a Generalized Key Agreement and Password Authentication Protocol
Wei-Chi Ku, Hui-Lung Lee and Chien-Ming Chen
SUMMARY
In this letter, we show that a key agreement and password authentication protocol proposed by Kwon and Song is potentially vulnerable to a reflection attack, and then suggest simple improvements.
key words: authentication, key agreement, password, reflection attack
1. Introduction
Existing password authentication and key agreement protocols fall into two broad categories: one requires only low-entropy (easy-to-remember) passwords, e.g., [1]–[8], and the other must use high-entropy (difficult-to-remember) passwords, e.g., [9]–[11]. Clearly, using high-entropy passwords increases the memory burden of users. Although users can alternatively use tamper-resistant storage tokens, e.g., IC cards, to store their high-entropy passwords, doing so eliminates the expected advantage of using passwords, i.e., convenience. In contrast, a protocol based on low-entropy passwords should avoid revealing verifiable information to the public; otherwise, the adversary can directly perform an off-line password guessing attack to obtain passwords. Although a protocol based on low-entropy passwords usually imposes a heavy computational load on its application systems, it has the advantage over a protocol based on high-entropy passwords in that it does not incur memory burden or inconvenience to users. Since we only focus on the security analysis of a protocol based on low-entropy passwords, ‘low-entropy password’ is hereafter referred to as ‘password’ for short. In 2000, Kwon and Song [12] proposed a generalized key agreement and password authentication protocol. For constrained environments, they also presented a condensed variant of their original protocol with fewer steps. Later, Yeh et al. [13] demonstrated that Kwon-Song’s condensed protocol is vulnerable to an off-line password guessing attack. In this letter, we will show that Kwon-Song’s original protocol is potentially vulnerable to a reflection attack [14]. Furthermore, we will also suggest simple improvements for Kwon-Song’s original protocol.
Off-line password-guessing attacks on the generalized key agreement and password authentication protocol
Kyungah Shim
Department of Mathematics, Ewha Womans University, 11-1 Daehyun-dong, Seodaemun-gu, Seoul 120-750, South Korea
Abstract
In this paper, we show that the generalized key agreement and password authentication protocol, proposed by Kwon and Song [T. Kwon, J. Song, A study on the generalized key agreement and password authentication protocol, IEICE Trans. Comm. E83-E (9) (2000) 2044–2050], is vulnerable to off-line password guessing attacks.
© 2004 Elsevier Inc. All rights reserved.
1. Introduction
Two entities, who only share a password, and who are communicating over an insecure network, want to authenticate each other and agree on a session key to be used for protecting their subsequent communication. This is called the password-authenticated key exchange problem. The first password-authenticated key exchange (PAKE) protocol, known as Encrypted Key Exchange (EKE), was suggested by Bellovin and Merritt [1]. By using a combination of symmetric and public-key cryptography, EKE resists dictionary attacks by giving a passive attacker insufficient information to verify a guessed password. Since it was invented, many password-authenticated key agreement protocols that promised increased security have been developed [2–4,6,7,9,10,12].
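The introductions above all turn on whether a protocol message gives an observer "verifiable information" for a password guess. The following added example (not code from any of the cited papers) audits two constructed message designs against a candidate list. Design B is a password-masked Diffie-Hellman value used as a stand-in for the idea; it is neither EKE itself nor Kwon and Song's protocol, and the group parameters, candidate list and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (far too small for real use): safe prime P = 2Q + 1.
P, Q, G = 2039, 1019, 4          # G = 2^2 generates the order-Q subgroup
DICTIONARY = ["123456", "letmein", "dragon", "sunshine", "qwerty"]  # constructed

def tag_for(pw: str, nonce: bytes) -> bytes:
    return hmac.new(pw.encode(), nonce, hashlib.sha256).digest()

def pw_to_group(pw: str) -> int:
    """Map a password to a square mod P so the mask stays in the subgroup."""
    h = int.from_bytes(hashlib.sha256(pw.encode()).digest(), "big")
    return pow(h % (P - 2) + 2, 2, P)

def leaky_message(pw: str):
    """Design A: the client answers a public nonce with HMAC(pw, nonce)."""
    nonce = secrets.token_bytes(16)
    return nonce, tag_for(pw, nonce)

def masked_message(pw: str) -> int:
    """Design B: an ephemeral Diffie-Hellman value multiplied by a password mask."""
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P) * pw_to_group(pw) % P

def not_ruled_out_leaky(msg, candidates):
    """Candidates a passive observer cannot exclude after seeing design A."""
    nonce, tag = msg
    return [c for c in candidates if hmac.compare_digest(tag_for(c, nonce), tag)]

def not_ruled_out_masked(msg, candidates):
    """Same audit for design B: unmask per candidate, then apply the only
    public test available, membership in the order-Q subgroup."""
    keep = []
    for c in candidates:
        unmasked = msg * pow(pw_to_group(c), -1, P) % P
        if pow(unmasked, Q, P) == 1:
            keep.append(c)
    return keep

if __name__ == "__main__":
    print(not_ruled_out_leaky(leaky_message("dragon"), DICTIONARY))
    print(not_ruled_out_masked(masked_message("dragon"), DICTIONARY))
```

Design A leaves exactly one candidate standing, while design B leaves the whole list. The audit covers a single message seen by a passive observer; as the analyses cited above show for Kwon and Song's protocol, later messages of a protocol can still hand out a verifier, so every message has to pass the same test.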