Paper Info
Title
Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols.
Abstract
A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.'s (2008) protocol, Huang's (2009) protocol, and Lee and Hwang's (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.'s protocol also applies to other similar protocols including Lee and Hwang's protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks
Year
DOI
Venue
2013
10.3837/tiis.2013.12.016
KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
Keywords
Field
DocType
Password-based authenticated key exchange (PAKE),three-party key exchange,password security,offline dictionary attack,undetectable online dictionary attack
Dictionary attack,Authentication,Password strength,Key exchange,Computer security,Computer science,Authenticated Key Exchange,Computer network,Password,Adversary,Key (cryptography)
Journal
Volume
Issue
ISSN
7
12
1976-7277
Citations 
PageRank 
References 
3
0.45
2
Authors
5
Name
Order
Citations
PageRank
Junghyun Nam135747.86
Kim-Kwang Raymond Choo24103362.49
Moonseong Kim314339.75
Juryon Paik414724.72
Dongho Won51262154.14