Paper 2010/427

Security Improvement on a Password-Authenticated Group Key Exchange Protocol

Junghyun Nam

Abstract

A group key exchange (GKE) protocol is designed to allow a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. Among the many protocols is Yi et al.'s password-authenticated GKE protocol in which each participant is assumed to hold their individual password registered with a trusted server. A fundamental requirement for password-authenticated key exchange is security against off-line dictionary attacks. However, Yi et al.'s protocol fails to meet the requirement. In this work, we report this security problem with Yi et al.'s protocol and show how to solve it.

Metadata
Available format(s)
-- withdrawn --
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Group key exchange, password, dictionary attack, identity-based cryptography
Contact author(s)
jhnam @ kku ac kr
History
2010-08-02: withdrawn
2010-08-01: received
Short URL
https://ia.cr/2010/427
License
Creative Commons Attribution
CC BY