Key exchange protocols are fundamental for establishing secure communication channels over public networks. Password-based key exchange protocols allow parties to share a secret key in an authentic manner based on an easily memorizable password. Recently, a password-based group key agreement based on Joux's tripartite key agreement was proposed to improve performance when users join or leave the group. In this paper, we employ an online dictionary attack on this protocol to show that this kind of modification cannot achieve the basic security of password-based group key agreement. With this method, an adversary can test several passwords in one session, which greatly reduces the key space for potential adversaries. To fill the gaps, we propose an improved protocol, which can avoid this attack. Finally, we prove the security of our protocol under the random oracle and ideal cipher model.