Paper 2005/141

Enhanced password-based key establishment protocol

Qiang Tang and Chris J. Mitchell

Abstract

In this paper we analyse a password-based authenticated key establishment protocol due to Laih, Ding and Huang, which enables a user to authenticate himself to a server and negotiate a shared session key. This protocol is also designed to guarantee that a human being is actually involved in an ongoing protocol execution. However we show that the protocol suffers from offline dictionary attacks. We propose an enhanced password-based authenticated key establishment protocol which is secure against offline dictionary attacks, and that possesses an additional feature guaranteeing that a user is involved in each protocol execution.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
key agreementpassword guessing attacksauthentication
Contact author(s)
qiang tang @ rhul ac uk
History
2005-06-15: revised
2005-05-19: received
See all versions
Short URL
https://ia.cr/2005/141
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/141,
      author = {Qiang Tang and Chris J.  Mitchell},
      title = {Enhanced password-based key establishment protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2005/141},
      year = {2005},
      url = {https://eprint.iacr.org/2005/141}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.