Weaknesses of 'Security Analysis and Enhancement for Three-Party Password-Based Authenticated Key Exchange Protocol'

机译：“安全分析和增强三方密码的经过认证密钥交换协议”的弱点

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

The three-party password-based authenticated key exchange (3PAKE) protocol allows two users to share a session key for future communication with the help of a trusted server in the public network. Recently, Zhao et al. [Zhao J., Gu D., Zhang L., Security analysis and enhancement for three-party password-based authenticated key exchange protocol, Security Communication Networks 2012; 5(3):273-278] proposed an efficient 3PAKE protocol using smart cards. They proved that their protocol can withstand various known attacks found in the previously published schemes. However, in this paper, we point out that their protocol is vulnerable to three kinds of attacks namely, off-line password-guessing attack, privileged insider attack and stolen smart card attack. Hence, Zhao et al.'s scheme is not recommended for practical applications.

机译：基于三方密码的经过身份验证的密钥交换（3Pake）协议允许两个用户在公共网络中的可信服务器的帮助下共享会话密钥以供将来通信。最近，赵等人。 [Zhao J.，GU D.，Zhang L.，基于三方密码的经过认证密钥交换协议，安全通信网络2012的安全分析和增强; 5（3）：273-278]使用智能卡提出了一种有效的3PAKE协议。他们证明，他们的协议可以承受先前发表的方案中发现的各种已知攻击。但是，在本文中，我们指出了他们的协议很容易受到三种攻击，即离线密码猜测攻击，特权内幕攻击并偷走智能卡攻击。因此，赵等人。不建议为实际应用推荐的方案。

著录项

来源
《International Conference on Data and Knowledge Engineering》|2012年||共7页
会议地点
作者
Muhammad Khurram Khan; Debiao He;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP18-532;
关键词
Key exchange; Password; Three-party; off-line password guessing attack; privileged insider attack; stolen smart card attack;

机译：关键交换;密码;三方;离线密码猜测攻击;特权内幕攻击;偷了智能卡攻击;

相似文献

外文文献
中文文献
专利

1. Security analysis and enhancement for three-party password-based authenticated key exchange protocol [J] . Jianjie Zhao, Dawu Gu, Lei Zhang Security and Communications Networks . 2012,第3期

机译：基于第三方密码的身份验证密钥交换协议的安全性分析和增强
2. An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems [J] . Farash M. S., Attari M. A. Engineering Economics . 2014,第2期

机译：无需使用服务器的公钥和对称密码系统的增强的安全的，基于三方密码的身份验证密钥交换协议
3. Security Analysis and Enhancements of Verifier-Based Password-Authenticated Key Exchange Protocols in the Three-Party Setting [J] . Shuhua Wu Journal of information science and engineering . 2011,第3期

机译：第三方设置中基于验证者的密码验证密钥交换协议的安全性分析和增强
4. Weaknesses of "Security Analysis and Enhancement for Three-Party Password-Based Authenticated Key Exchange Protocol" [C] . Muhammad Khurram Khan, Debiao He International Conference on Data and Knowledge Engineering . 2012

机译：“安全分析和增强三方密码的经过认证密钥交换协议”的弱点
5. Control System Data Integrity Using a Variable-Round Message Authentication Code with an Elliptic Curve Key Exchange Protocol [D] . Fischer, Kenneth Alan. 2017

机译：使用带有椭圆曲线密钥交换协议的可变消息验证码控制系统数据完整性
6. Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model [O] . Junghyun Nam, Kim-Kwang Raymond Choo, Junghwan Kim, -1

机译：在标准模型中具有可验证安全性的仅密码认证的第三方密钥交换
7. Cryptanalysis of Guo et al.’s three-party password-based authenticated key exchange (G-3PAKE) protocol [O] . Choi Sung-Bae, Yoon Eun-Jun 2011

机译：对Guo等基于密码的三方身份验证密钥交换（G-3PAKE）协议的密码分析
8. Security Analysis of a Multi-Factor Authenticated Key Exchange Protocol [R] . Hao, F., Clarke, D. 2012

机译：多因素认证密钥交换协议的安全性分析

Weaknesses of 'Security Analysis and Enhancement for Three-Party Password-Based Authenticated Key Exchange Protocol'

摘要

著录项

相似文献

相关主题

期刊订阅