Password-Based Group Key Exchange Secure Against Insider Guessing Attacks
- 712 Downloads
Very recently, Byun and Lee suggested two provably secure group Diffie-Hellman key exchange protocols using n participant’s distinct passwords. Unfortunately, the schemes were found to be flawed by Tang and Chen. They presented two password guessing attacks such as off-line and undetectable on-line dictionary attacks by malicious insider attacker. In this paper, we present concrete countermeasures for two malicious insider attacks, and modify the two group Diffie-Hellman key exchange protocols to be secure against malicious insider password guessing attacks. Our countermeasures do not require additional round costs, hence they are efficient.
KeywordsMalicious User Dictionary Attack Password Authentication Malicious Inside Ideal Cipher
Unable to display preview. Download preview PDF.
- 3.Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of the Symposium on Security and Privacy, pp. 72–84 (1992)Google Scholar
- 4.Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably authenticated group diffie-hellman key exchange. In: Proceedings of 8th ACM Conference on Computer and Communications Security, pp. 255–264 (2001)Google Scholar
- 11.Tang, Q., Chen, L.: Weaknesses in two group Diffie-Hellman Key Exchange Protocols, Cryptology ePrint Archive 2005/197 (2005)Google Scholar
- 13.Wu, T.: Secure remote password protocol. In: Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111 (1998)Google Scholar