3-party key agreement protocol secure against online and dictionary attacks

摘要

Frequent key changes are must in order to limit the amount of data compromised. Cryp-tography simply can not get o® the ground without e®ective key distribution mechanism. Several key agreement protocols are proposed on password based mechanism. These protocols are vulnerable to dictionary attacks. Traditional 3-party key agreement protcols are vulnerable to insider attacks and server becomes a monitoring centre which we dont want in most of the applications.EKE protocol is vulnerable to Denning-Sacco attacks. EKE demands storing clear text version of password on server which is always not possible. STW protocol was proved to be vulnerable to on-line and o®-line guessing attacks as it lacks server authentication to hosts. LSH 3- PEKE uses server public keys but its not an optimistic solution.the approach of using server public keys is not always a satisfactory solution and is impractical for some environments. Communication parties have to obtain and verify the public key of the server, a task which puts a high burden on the user. SAKA protocol has got limited applications as it is a 2-party protocol. In proposed protocol trusted third party(key Distribution server) mediates in key distribution. Rather than storing clear text version of password one way hash of the password is stored at the server. Every host and server agree upon family of commutative hash functions using which host authenticates itself to server when it applies for session key. During this protocol run host establishes one time key with server using which server also authenticates to host. This defeats man-in-the middle attacks.Di±e-Hellman protocol serves as basis for this protocol. It is secure against dictionary attacks as we use one time keys with server. It is also secure against malaicious insider attacks (host misuses the information in one protocol run to another)since we use one time keys. It also provides perfect forward secrecy i.e. even if one key is disclosed future session keys will not be disclosed. Moreover we don't use any public key infrastructure which needs large computational power. In this protocol server acts just like a authentication server not like a monitoring server. This protocol is also immune to o®-line and on-line guessing attacks as there is no veri¯able information is present.