Cryptology ePrint Archive: Report 2005/141

Enhanced password-based key establishment protocol

Qiang Tang and Chris J. Mitchell

Abstract: In this paper we analyse a password-based authenticated key establishment protocol due to Laih, Ding and Huang, which enables a user to authenticate himself to a server and negotiate a shared session key. This protocol is also designed to guarantee that a human being is actually involved in an ongoing protocol execution. However we show that the protocol suffers from offline dictionary attacks. We propose an enhanced password-based authenticated key establishment protocol which is secure against offline dictionary attacks, and that possesses an additional feature guaranteeing that a user is involved in each protocol execution.

Category / Keywords: key agreement, password guessing attacks, authentication

Date: received 10 May 2005, last revised 15 Jun 2005

Contact author: qiang tang at rhul ac uk

Available formats: PDF | BibTeX Citation

Version: 20050615:165954 (All versions of this report)

Discussion forum: Show discussion | Start new discussion