본문 바로가기 주메뉴 바로가기
검색 검색영역닫기 검색 검색영역닫기 ENGLISH 메뉴 전체보기 메뉴 전체보기

논문

Cryptanalysis and enhancement of modified gateway- Oriented password-based authenticated key exchange protocol

https://doi.org/10.1093/ietfec/e91-a.12.3837

  • 저자심경아
  • 학술지IEICE Transations on Fundamentals of Electronics Communications and Computer Sciences 91/12
  • 등재유형
  • 게재일자(2008)


Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The goal of their scheme is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information on the password to the gateway. Recently, Byun et al. showed that Abdalla et al.'s GPAKE is insecure against undetectable on-line password guessing attacks. They also proposed a modified version to overcome the attacks. In this letter, we point out that Byun et al.'s modified GPAKE protocol is still insecure against the same attacks. We then make a suggestion for improvement.


Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The goal of their scheme is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information on the password to the gateway. Recently, Byun et al. showed that Abdalla et al.'s GPAKE is insecure against undetectable on-line password guessing attacks. They also proposed a modified version to overcome the attacks. In this letter, we point out that Byun et al.'s modified GPAKE protocol is still insecure against the same attacks. We then make a suggestion for improvement.

이 페이지에서 제공하는 정보에 대해 만족하십니까?