Xiancun Zhou,Yan Xiong,Renjin Liu

DOI: https://doi.org/10.1007/978-3-642-34041-3_1

2012-01-01

Abstract:It is provided that a security analysis on Liaw-Lin-Wu's remote user authentication scheme. Our analysis shows the scheme is vulnerable to Man-in-the-middle attack. What's more, there are obvious security vulnerabilities in it. An improved remote user authentication scheme based on Diffie-Hellman key exchange protocol is proposed. Analysis shows the scheme is secure not only to achieve mutual authentication, but also to generate a session key in the same time. It has overcome security deficiencies of Liaw-Lin-Wu's scheme. It is efficient and practical.

Muneer Alwazzeh,Sameer Karaman,Mohammad Nur Shamma

DOI: https://doi.org/10.13052/jcsm2245-1439.933

2020-07-01

Journal of Cyber Security and Mobility

Abstract:Network security and related issues have been discussed thoroughly in this paper, especially at transport layer security network protocol, which concern with confidentiality, integrity, availability, authentication, and accountability. To mitigate and defeat Man-in-the-middle-attacks, we have proposed a new model which consists of sender and receiver systems and utilizes a combination of blowfish (BF) and Advanced Encryption Standard (AES) algorithms, symmetric key agreement to distribute public keys, Elliptic Curve Cryptography (ECC) to create secret key, and then Diffe Hellman (DH) for key exchange. Both SHA-256 hashing and Elliptic Curve Digital Signature Algorithm (ECDSA) have been applied for integrity, and authentication, respectively.

JIA Jing,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.04.043

2007-01-01

Abstract:SSL protocol has been one of the key technologies for realizing secure communication in internet, it plays a has the function in encrypting and authenticating information transmission, however SSL may not be a flawless protocol. The paper first introduces SSL protocol and man-in-the-middle attack, then analyses the problem of distrust in the handshake of SSL protocol, discusses the restriction of trust negotiation based on X.509 digital certificate, and makes a concrete analysis of the principle of ssl man-in-the-middle attack based on arp redirection. Finally, the paper gives some suggestions on how to prevent the attack.

AO Qingyun,FAN Ruohan,BAI Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.04.031

2001-01-01

Abstract:Key establishment is the heart of data protection that relies on cryptography, and it is an essential component of the packet protection mechanisms in many Internet security protocols. In this paper, we introduce some key negotiation schemes based on Diffie-Hellman key exchange technology. We also give some discussion on each of them.

Xiuqing Chen -,Tianjie Cao -,Qiao Yu -

DOI: https://doi.org/10.4156/aiss.vol5.issue5.68

2013-01-01

INTERNATIONAL JOURNAL ON Advances in Information Sciences and Service Sciences

Abstract:Radio Frequency Identification (RFID) is a technology designed to automatically identify a myriad of everyday objects and people. Due to widely spread of the RFID applications, some useful message can be attacked by adversaries. Thus, to eliminate the security problem, the security requirements for privacy-preserving RFID authentication protocols are evident. In this paper, we discuss unique manin-the-middle attacks on extending RFID authentication protocols. In particular, we show that the revised protocols which rely on the use of elliptic curve cryptography (ECC), grouping proof and RFID localization algorithms. Furthermore, we demonstrate that the proposed protocols can resist unique man-in-the-middle attacks and replay attacks.

ZHOU Xian-cun,XIONG Yan,LIU Ren-jin

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.20.021

2012-01-01

Abstract:Analysis indicates that Liaw et al's remote user authentication scheme is vulnerable to replay attack,man-in-the-middle attack,and there are obvious security vulnerabilities in the password changing phase and registration phase.A remote user authentication scheme based on Diffie-Hellman(D-H) key exchange protocol is proposed.Theoretical analysis shows that the scheme can resist impersonation attack,replay attack,man-in-the-middle attack,and it can implement mutual authentication and session key generation securely.

Zehua Chen,Linsen Li,Yue Wu,Xinglei Zhang

DOI: https://doi.org/10.1109/ICEICE.2012.448

2012-01-01

Abstract:As the RFID technology and application in many different fields continue to evolve and mature, the security and privacy issues about RFID application also become more and more important. However, the traditional unidirectional ECDLP-based authentication protocol cannot satisfy the security demands under various attacks on the RFID system. In this paper, we present a mutual authentication improvement proposal for traditional unidirectional ECDLP-Based RFID Authentication protocols by using the Diffie-Hellman key exchange and the randomized key method. The randomized key method is our former research on this research direction. Our security analysis shows that the proposed improved protocols get better security and privacy performance respectively.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

Andrew Chi-Chih Yao,Yunlei Zhao

DOI: https://doi.org/10.1109/tifs.2013.2293457

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Key-exchange, in particular Diffie-Hellman key-exchange (DHKE), is among the core cryptographic mechanisms for ensuring network security. For key-exchange over the Internet, both security and privacy are desired. In this paper, we develop a family of privacy-preserving authenticated DHKE protocols named deniable Internet key-exchange (DIKE), both in the traditional PKI setting and in the identity-based setting. The newly developed DIKE protocols are of conceptual clarity and practical (online) efficiency. They provide useful privacy protection to both protocol participants, and add novelty and new value to the IKE standard. To the best of our knowledge, our protocols are the first provably secure DHKE protocols that additionally enjoy all the following privacy protection advantages: 1) forward deniability, actually concurrent non-malleable statistical zero-knowledge, for both protocol participants simultaneously; 2) the session transcript and session-key can be generated merely from DH-exponents (together with some public values), which thus cannot be traced to the pair of protocol participants; and 3) exchanged messages do not bear peer's identity, and do not explicitly bear player role information.

Ronald Y. Chang,Sian-Jheng Lin,Wei-Ho Chung

DOI: https://doi.org/10.1109/apsipa.2013.6694207

2013-01-01

Abstract:Diffie-Hellman protocol is a classical secret key exchange protocol for secure communications. This paper considers the extension of the original two-party Diffie-Hellman protocol to multi-party key distribution in wireless multi-way relay networks where multiple users can only communicate with one another through a single relay. Two efficient key exchange protocols are proposed. A performance comparison with existing methods adapted to the relay networks shows the enhanced efficiency and the originality of the proposed protocols designed specifically for the multi-way relay networks.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/371455.371460

2001-01-01

Abstract:In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing dictionary attacks on weak chosen passwords. In 1995, Steiner, Tsudik, and Waidner proposed a minimal DHEKE protocol which simplified the Diffie-Hellman based one of Bellovin and Merritts' protocols. In this paper, we propose two improvements on the minimal DHEKE protocol. These two improvements can reduce the computational cost further.

Rui Jiang,LI Jian-Hua,Li Pan,蒋睿,李建华,潘理

2006-01-01

Abstract:Simple authenticated key agreement algorithm is one of the Diffie-Hellman key agreement variations. It prevents man-in-the-middle attack with only two more packets required to agree on the secret session key, but it has some weaknesses. In this paper, a new enhanced simple authenticated key agreement algorithm is proposed to overcome these weaknesses on the basis of analyzing the weaknesses of the related protocols. The new enhanced simple authenticated key agreement algorithm can get over replay attack and password guessing attack, provide perfect forward secrecy, and hold the merits of the simple authenticated key agreement algorithm.

LIU Jie,LI Jian-hua

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.14.031

2008-01-01

Computer Engineering and Applications Journal

Abstract:Investigate a Diffie-Hellman key exchange protocol which is integrated into digital signature algorithm.Analyze Phan's improved protocol and give a further improvement.Then a novel key exchange protocol based on RSA-OAEP cryptosystem is presented.The protocol is simple,efficient and can provide standard security attributes that key exchange protocols should have.

XIANG Yong-qian,CHEN Jian-hua

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.11.009

2012-01-01

Abstract:In order to ensure the security of communications in the public network environment,a tripartite authenticated key exchange protocol has been widespread concern.In 2009,Yang et al proposed a tripartite authenticated key exchange protocol based on elliptic curve cryptography in mobile e-commerce environment.However,Tan pointed out that the protocol of Yang et al.was suffered a counterfeit attack.In order to improve security,Tan proposed an improved agreement.However,Nose pointed out that Tan's protocol can not resist counterfeit attacks and man-in-the-middle attack.In order to improve security,Author propose a new tripartite authenticated key exchange protocol.

Guoqiang Bai,Rui Ma,Guang Xiao

IF: 1.019

2001-01-01

Chinese Journal of Electronics

Abstract:Guang Gong and Lein Harn proposed a new Diffie-Hellman public-key distribution scheme that is based on third-order linear feedback shift register sequences over GF(p) and its security is based on the difficulty of solving the discrete logarithm in GF(p(3)). However, a method for attacking the scheme is presented in this paper. Despite that the method could not break up it fully, it indicates that the security of the scheme is likely to be not being based on the difficulty of solving the discrete logarithm in GF(p(3)). With this method, we have also obtained the weak private keys of the scheme.

Andrew C. Yao,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-13708-2_20

2010-01-01

Abstract:In this work, we develop a family of non-malleable and deniable Diffie-Hellman key-exchange (DHKE) protocols, named deniable Internet key-exchange (DIKE). The newly developed DIKE protocols are of conceptual clarity, provide much remarkable privacy protection to protocol participants, and are of highly practical (online) efficiency.For the security of the DIKE protocols, we formulate the notion of tag-based robust non-malleability (TBRNM) for DHKE protocols, which ensures robust non-malleability for DHKE protocols against concurrent man-in-the-middle (CMIM) adversaries and particularly implies concurrent forward deniability for both protocol participants. We show that the TBRNM security and the session-key security (SK-security) in accordance with the Canetti-Krawczyk framework are mutually complementary, thus much desirable to have DHKE protocols that enjoy both of them simultaneously. We prove our DIKE protocol indeed satisfies both (privacy preserving) TBRNM security and SK-security (with post-specified peers). The TBRNM analysis is based on a variant of the knowledge-of-exponent assumption (KEA), called concurrent KEA assumption introduced and clarified in this work, which might be of independent interest.

Hong‐Yi Fan

2007-01-01

Abstract:In a wireless mobile communication system,users and network servers need to authenticate one another and agreement on a session key used for encryption purposes in their conversation.This paper provides security analysis of a mutual authentication and key establishment protocol for wireless communication based on elliptic curve cryptography.Unfortunately proposed by Fangmin Deng et al.,then pointed out that their protocol does not achieve some essential security requirement including forward secrecy,impersonation attack and man-in-middle attack.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

L Fan,CX Xu,JH Li

DOI: https://doi.org/10.1049/el:20020502

2002-01-01

Electronics Letters

Abstract:Deniable authentication is a new kind of authentication, by which means a receiver cannot prove the source of a message to a third party. A deniable authentication protocol, which is based on the Deffie-Hellman key exchange protocol, is presented. It does not require a trusted third party, and the protocol can resist person-in-the-middle attack.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.