Paper 2010/052
Cryptanalysis and Improvement of a New Gateway-Oriented Password-Based Authenticated Key Exchange Protocol
FuShan Wei, QingFeng Cheng, and ChuanGui Ma
Abstract
Abdalla et al. proposed the first gateway-oriented password-based authenticated key exchange (GPAKE) protocol. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. However, Byun et al. showed that the original GPAKE protocol was suspectable to an undetectable on-line dictionary attack by a malicious gateway. Recently, Abdalla et al. presented a new variant of the original GPAKE protocol to resist Byun et al.'s attack. In this letter, we show that the new GPAKE protocol is still vulnerable to another simple but powerful undetectable on-line dictionary attack. We then make a suggestion for improvement.
Metadata
- Available format(s)
- -- withdrawn --
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- authenticated key exchangepasswordundetectable on-line dictionary attack
- Contact author(s)
- weifs831020 @ 163 com
- History
- 2010-02-02: withdrawn
- 2010-02-01: received
- See all versions
- Short URL
- https://ia.cr/2010/052
- License
-
CC BY
