Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/10/29

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol

Presentation Transcript


  1. Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung Sun (孫翠鴻) Date: 2010/10/29

  2. Outline • Introduction • Motivation • Demonstrate • Scheme • Security analysis • Advantage vs. weakness • Comment

  3. Introduction • Password-based Authenticated Key Exchange (PAKE) protocol • 3PAKE (Three-party model)

  4. Chang et al.’s Protocol (T-Y. Chang, M-S. Hwang, W-P. Yang, A Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol, Information Sciences (2010), doi: 10.1016/j.ins.2010.08.032.) [Protocol diagram: parties S, B, A; Steps 1 to 4]

  5. Chang et al.’s Protocol [Protocol diagram: parties S, B, A; Steps 5 and 6; checks; session key]

  6. Motivation • Chang et al. use the XOR operation to achieve security, but it is vulnerable to a partition attack. • To find a way to achieve security based on 3PAKE and without the server’s public key and symmetric encryption. • This paper will prove that Chang et al.’s scheme is completely insecure and propose an improved scheme.

  7. Demonstrate • Step 1: wiretap a valid session and get • Step 2: off-line guess password (1) assume a password is A’s real password. (2) use to distinguish whether the is in G or not. If and , it is a feasible password, probability is Otherwise, it is an infeasible password, probability is • Step 3: repeat step 2 until the range of passwords is narrowed down to a single password. • c: the number of possible values not in Zp.

  8. Demonstrate • Example: p = 23; Zp = {0,1,…,21,22}; generator g = 2; G = { }; CD = D; D = {pw1,pw2,pw3,pw4} = {1,2,4,8}. Assume A’s password is pw4. • First partition: True: eS1 = 9 • CD: set of candidate passwords. D: space of passwords. FD: feasible passwords. : infeasible passwords. (m)b: binary representation of message m.

  9. Demonstrate • Second partition: True: eS1 = 2; CD=FD={pw2,pw4}; CD=FD={pw4}

  10. Scheme [Protocol diagram: parties S, B, A; Steps 1 to 4]

  11. Scheme [Protocol diagram: parties S, B, A; Steps 5 and 6; checks; session key]

  12. Security analysis • Undetectable on-line guessing attack • Off-line guessing attack • Forward security of session key

  13. Advantage vs. weakness • Advantage • Using the elliptic curve cryptography (ECC) additive operation in place of the XOR operator, so that the attack can’t distinguish feasible and infeasible passwords. • ECC can achieve the same level of security with a smaller key size. • It is applicable in low-resource environments, like smart cards or mobile units. • Easily noting authenticators ( ) • Weakness • Computing time and computational complexity are greater than with XOR.

  14. Comment • This paper uses elliptic curves to replace Chang et al.’s XOR. Is the performance of this paper better than Chang et al.’s scheme? • The partition attack mentioned in the demonstration is something like a brute-force attack, which is not an efficient attack. • The related work on Chang et al.’s scheme, from the notation to the step statements, is the same as in Chang et al.’s paper.
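
The narrowing procedure from slides 7 to 9 and the XOR-versus-group-operation point from slide 13, as an added Python example that is not part of the presentation or of either paper. It assumes a simplified masking model (c = e XOR pw with e in G), because the protocol messages did not survive in this transcript; the session values 9 and 13 are sample values chosen for the illustration, and the group-operation variant is a multiplicative analogue of the ECC addition, also an assumption.

```python
P, GEN = 23, 2                                  # toy parameters from slide 8
D = {"pw1": 1, "pw2": 2, "pw3": 4, "pw4": 8}    # password space from slide 8


def subgroup(p, g):
    """Return the set G of elements generated by g modulo p."""
    elems, x = set(), 1
    while x not in elems:
        elems.add(x)
        x = x * g % p
    return elems


G = subgroup(P, GEN)


def xor_unmask(c, pw):
    """Assumed model of the XOR masking: c = e XOR pw."""
    return c ^ pw


def group_unmask(c, pw):
    """Assumed group masking c = e * g^pw mod p (analogue of ECC addition)."""
    return c * pow(pow(GEN, pw, P), -1, P) % P


def partition(candidates, c, unmask):
    """Keep the guesses whose unmasked value lies in G (the feasible set FD)."""
    return {n: pw for n, pw in candidates.items() if unmask(c, pw) in G}


def narrow(observed, unmask):
    """Apply one partition per wiretapped session; return CD after each one."""
    cd, history = dict(D), []
    for c in observed:
        cd = partition(cd, c, unmask)
        history.append(sorted(cd))
    return history


REAL_PW = D["pw4"]                  # slide 8: A's password is pw4
SESSION_E = [9, 13]                 # sample per-session elements, both in G
xor_seen = [e ^ REAL_PW for e in SESSION_E]
grp_seen = [e * pow(GEN, REAL_PW, P) % P for e in SESSION_E]

if __name__ == "__main__":
    print("XOR masking:  ", narrow(xor_seen, xor_unmask))
    print("group masking:", narrow(grp_seen, group_unmask))
```

Under XOR masking each session removes the guesses that unmask to a value outside G, while under the group operation every guess unmasks to an element of G, so the candidate set never shrinks.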