Yuesheng Zhu,Limin Ma,Jinjiang Zhang

DOI: https://doi.org/10.1002/sec.1066

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:As one of the most important trusted third-party-based authentication protocols, Kerberos is widely used to provide authentication service in distributed networks. However, it is vulnerable to common brute force password-guessing attacks because of its password-based mechanism. Some enhanced Kerberos protocols based on public key cryptography were proposed as solutions, but they require excessive computation and communication resources. In this paper, a new enhanced Kerberos protocol with non-interactive zero-knowledge proof is proposed, in which the clients and the authentication server can mutually authenticate each other without revealing any information during the authentication process. Our security analysis and experimental results have shown that the proposed scheme can resist password-guessing attacks and is more convenient and efficient than previous schemes. Copyright (C) 2014 John Wiley & Sons, Ltd.

Ma Limin,Zhu Yuesheng

2014-01-01

Abstract:As an important trust third-party authentication protocol, Kerberos is widely deployed to provide authentication service in distributed networks. However, it is vulnerable to some attacks such as password guessing attack and replay attack. PKINIT is an enhanced Kerberos protocol based on public key cryptography to resist these attacks. However, it requires excessive computation and communication resources. A new scheme based on one-time password (OTP) mechanism is proposed and implemented to improve the security and computation efficiency of Kerberos protocol in this paper. Experiment results demonstrate that the proposed scheme can enhance the security of Kerberos and reduce 32.3% time of initial authentication exchange and is easier to be deployed than PKINIT. © 2014 ISSN 1881-803X.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Wang Changji,Yang Bo,Wu Jianping

DOI: https://doi.org/10.1007/s11767-005-0007-z

2005-01-01

Abstract:In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang’s protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang’s protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.

Andrew Chi-Chih Yao,Yunlei Zhao

DOI: https://doi.org/10.1109/tifs.2013.2293457

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Key-exchange, in particular Diffie-Hellman key-exchange (DHKE), is among the core cryptographic mechanisms for ensuring network security. For key-exchange over the Internet, both security and privacy are desired. In this paper, we develop a family of privacy-preserving authenticated DHKE protocols named deniable Internet key-exchange (DIKE), both in the traditional PKI setting and in the identity-based setting. The newly developed DIKE protocols are of conceptual clarity and practical (online) efficiency. They provide useful privacy protection to both protocol participants, and add novelty and new value to the IKE standard. To the best of our knowledge, our protocols are the first provably secure DHKE protocols that additionally enjoy all the following privacy protection advantages: 1) forward deniability, actually concurrent non-malleable statistical zero-knowledge, for both protocol participants simultaneously; 2) the session transcript and session-key can be generated merely from DH-exponents (together with some public values), which thus cannot be traced to the pair of protocol participants; and 3) exchanged messages do not bear peer's identity, and do not explicitly bear player role information.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/371455.371460

2001-01-01

Abstract:In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing dictionary attacks on weak chosen passwords. In 1995, Steiner, Tsudik, and Waidner proposed a minimal DHEKE protocol which simplified the Diffie-Hellman based one of Bellovin and Merritts' protocols. In this paper, we propose two improvements on the minimal DHEKE protocol. These two improvements can reduce the computational cost further.

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

Hung-Min Sun,Her-Tyan Yeh

DOI: https://doi.org/10.1016/j.jcss.2006.03.005

IF: 1.043

2006-01-01

Journal of Computer and System Sciences

Abstract:In an open networking environment, a workstation usually needs to identify its legal users for providing its services. Kerberos provides an efficient approach whereby a trusted third-party authentication server is used to verify users' identities. However, Kerberos enforces the user to use strong cryptographic secret for user authentication, and hence is insecure from password guessing attacks if the user uses a weak password for convenience. In this paper, we focus on such an environment in which the users can use easy-to-remember passwords. In addition to password guessing attacks, perfect forward secrecy (PFS in short) is another important security consideration when designing an authentication and key distribution protocol. Based on the capability of protecting the client's password, the application server's secret key, and the authentication server's private key, we define seven classes of perfect forward secrecy and focus on protocols achieving class-1, class-3, and class-7 due to their hierarchical relations. Then, we propose three secure authentication and key distribution protocols to provide perfect forward secrecy of these three classes. All these protocols are efficient in protecting poorly-chosen passwords chosen by users from guessing attacks and replay attacks.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.03.018

2009-01-01

Abstract:The security of an authenticated group key exchange is analyzed,the results show that it is insecure due to redundancy of the exchange messages.Based on the protocol of Burmester and Desmedt,an improved protocol is proposed with merits in terms of computation and communication.The improved protocol provides not only the capability of forward secrecy and mutual authentication,but also the capability against man-in-middle attack.The protocol is proven secure in the random-oracle and ideal-cipher models under the computational Diffie-Hellman(CDH) assumption.

ZHOU Xian-cun,XIONG Yan,LIU Ren-jin

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.20.021

2012-01-01

Abstract:Analysis indicates that Liaw et al's remote user authentication scheme is vulnerable to replay attack,man-in-the-middle attack,and there are obvious security vulnerabilities in the password changing phase and registration phase.A remote user authentication scheme based on Diffie-Hellman(D-H) key exchange protocol is proposed.Theoretical analysis shows that the scheme can resist impersonation attack,replay attack,man-in-the-middle attack,and it can implement mutual authentication and session key generation securely.

WANG Bin,LIU Gang

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.12.014

2007-01-01

Abstract:By studying the dynamic password authentication scheme and analyzing the new dynamic password authentication scheme which can resist jacking connection attack mentioned in Ref.[1],the way which protects the key information // is not good enough,although the password in this scheme is dynamic,this scheme can not resist the imitate server attack.To solve those problems,a improved scheme is proposed using Diffie-Hellman key exchange algorithm,the new scheme not only can conquer the security problem of the original scheme but also holds all security characteristics of the original scheme.So the computational complexity is decreased greatly,and the security characteristics is increased.

HT Yeh,HM Sun,CT Yang,BC Chen,SM Tseng

2003-01-01

IEICE Transactions on Communications

Abstract:Recently, Zhu et al. proposed an password-based authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in wireless networks. They claimed that the proposed scheme is secure against dictionary attacks. In this paper, we show that the scheme proposed by Zhu et al. is insecure against undetectable on-line password guessing attacks. Furthermore, we examine Zhu et al.'s protocol and find that Zhu et al.'s protocol does not, achieve explicit key authentication. An improved version is then proposed to defeat the undetectable on-line password guessing attacks and also provide explicit key authentication.

Yajuan Shi,Han Shen,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.14257/ijseia.2015.9.5.25

2015-01-01

International Journal of Software Engineering and Its Applications

Abstract:To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user's privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can't provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.

He Debiao,Chen Jianhua,Hu Jin

2010-01-01

Abstract:He Debiao, Chen Jianhua, Hu Jin School of Mathematics and Statistics, Wuhan University, Wuhan, Hubei 430072, China hedebiao@163.com Abstract: Recently, Abdalla et al. proposed a new gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where each client shares a human-memorable password with a trusted server so that they can resort to the server for authentication when want to establish a shared session key with the gateway. In the letter, we show that a malicious client of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack and can not provide the implicit key confirmation. At last, we present a countermeasure to against the attack.

Yang Yu,Aixin Zhang,Junhua Tang,Haopeng Chen

DOI: https://doi.org/10.1007/978-90-481-3662-9_42

2010-01-01

Abstract:Group communication mechanism provides several participants with a secure and credible communication environment by sharing a confidential group key within group members. Group Diffle-Hellman key exchange protocol (GDR) is an extension of two-party Diffie-Hellman key exchange. Many protocols based on GDH protocol have been proposed, among which AT-GDH protocol is an authenticated group key agreement protocol. AT-GDH2 protocol complements AT-GDH with a dynamic group key updating scheme. This paper proposes an improved dynamic scheme based on AT-GDH after analyzing the security flaws in AT-GDH2 protocol. We name this proposed group key management process as AT-GDH3. Then the security property of AT-GDH3 protocol is analyzed using the strand space and authentication test theory from the aspects of authentication, implicit key authentication, recency, backward security and forward security. The results show that AT-GDH3 protocol can overcome the security flaws in AT-GDH2 protocol, and can guarantee security properties of group key management.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.03.008

2010-01-01

Abstract:The security of a recently proposed password-based authenticated key exchange protocol was analyzed. Al- though it was provably secure in the standard model, it was vulnerable to reflection attacks. A modify scheme was pro- posed, which eliminated the defect of original scheme and improved the efficiency of the protocol. The security of the proposed scheme had been proven in the standard model under DDH assumption. The results show that it provides per- fect forward secrecy.

Haimin Jin,Duncan S. Wong,Yinlong Xu

DOI: https://doi.org/10.1007/978-3-540-77048-0_4

2007-01-01

Abstract:One of the prominent advantages of password-only two-server authenticated key exchange is that the user password will remain secure against offline dictionary attacks even after one of the servers has been compromised. The first system of this type was proposed by Yang, Deng and Bao in 2006. The system is efficient with a total of eight communication rounds in one protocol run. However, the security assumptions are strong. It assumes that one particular server cannot be compromised by an active adversary. It also assumes that there exists a secure communication channel between the two servers. Recently, a new protocol has been proposed by the same group of researchers. The new one removes these assumptions, but in return pays a very high price on the communication overhead. It takes altogether ten rounds to complete one protocol run and requires more computation. Therefore, the question remains is whether it is possible to build a protocol which can significantly reduce the number of communication rounds without introducing additional security assumptions or computational complexity. In this paper, we give an affirmative answer by proposing a very efficient protocol with no additional assumption introduced. The protocol requires only six communication rounds without increasing the computational complexity.