Summary
|
For Full-Text PDF, please login, if you are a member of IEICE, or go to Pay Per View on menu list, if you are a nonmember of IEICE. |
|
Security Analysis on an Improvement of RSA-Based Password Authenticated Key Exchange Shuhong WANG Feng BAO Jie WANG Publication IEICE TRANSACTIONS on Communications Vol.E88-B No.4 pp.1641-1646 Publication Date: 2005/04/01 Online ISSN: DOI: 10.1093/ietcom/e88-b.4.1641 Print ISSN: 0916-8516 Type of Manuscript: LETTER Category: Fundamental Theories for Communications Keyword: authenticated, key exchange, password, RSA, (undetectable) dictionary attack, Full Text: PDF(91.8KB)>>
Summary: In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks. | |||||
|
