Abstract
Very recently, Byun and Lee suggested two provably secure group Diffie-Hellman key exchange protocols using n participant’s distinct passwords. Unfortunately, the schemes were found to be flawed by Tang and Chen. They presented two password guessing attacks such as off-line and undetectable on-line dictionary attacks by malicious insider attacker. In this paper, we present concrete countermeasures for two malicious insider attacks, and modify the two group Diffie-Hellman key exchange protocols to be secure against malicious insider password guessing attacks. Our countermeasures do not require additional round costs, hence they are efficient.
This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Assessment).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman Assumptions With Applications to Password-Based Authentication. In: Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of the Symposium on Security and Privacy, pp. 72–84 (1992)
Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably authenticated group diffie-hellman key exchange. In: Proceedings of 8th ACM Conference on Computer and Communications Security, pp. 255–264 (2001)
Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Byun, J.W., Lee, D.H.: N-party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 75–90. Springer, Heidelberg (2005)
Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)
Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. ACM Operating System Review 29, 77–86 (1995)
Phan, R.C.-W., Goi, B.: Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005)
Steiner, M., Tsudik, G., Waider, M.: Refinement and extension of encrypted key exchange. ACM Operation Sys. Review 29, 22–30 (1995)
Tang, Q., Chen, L.: Weaknesses in two group Diffie-Hellman Key Exchange Protocols, Cryptology ePrint Archive 2005/197 (2005)
Wang, S., Wang, J., Xu, M.: Weakness of a password-authenticated key exchange protocol between clients with different passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004)
Wu, T.: Secure remote password protocol. In: Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111 (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Byun, J.W., Lee, D.H., Lim, J. (2005). Password-Based Group Key Exchange Secure Against Insider Guessing Attacks. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_21
Download citation
DOI: https://doi.org/10.1007/11596981_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer ScienceComputer Science (R0)