[1] Liu Xiumei, Zhou Fucai, Chang Guiran,. Improved key exchange protocol for three-partybased on verifier authentication [J]. Journal of Southeast University (English Edition), 2008, 24 (3): 322-324. [doi:10.3969/j.issn.1003-7985.2008.03.017]
Copy
Improved key exchange protocol for three-partybased on verifier authentication(
)
一种改进的基于验证值的三方密钥交换协议
)Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]
- Volumn:
- 24
- Issue:
- 2008 3
- Page:
- 322-324
- Research Field:
- Information and Communication Engineering
- Publishing date:
- 2008-09-30
Info
- Title:
- Improved key exchange protocol for three-partybased on verifier authentication
- 一种改进的基于验证值的三方密钥交换协议
- Author(s):
- Liu Xiumei1; Zhou Fucai2; Chang Guiran1
-
1 Computer Center, Northeastern University, Shenyang 110004, China
2 School of Information Science and Engineering, Northeastern University, Shenyang 110004, China
- PACS:
- TN911.22
- DOI:
- 10.3969/j.issn.1003-7985.2008.03.017
- Abstract:
- To prevent server compromise attack and password guessing attacks, an improved and efficient verifier-based key exchange protocol for three-party is proposed, which enables two clients to agree on a common session key with the help of the server.In this protocol, the client stores a plaintext version of the password, while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks, server compromise attacks, man-in-the-middle attacks and Denning-Sacco attacks, and it is more efficient.
- 为防止服务器泄露攻击和口令猜测攻击, 提出了一种基于验证值的三方密钥交换协议.该协议用于实现2个客户通过与第三方服务器间的交互协商出会话密钥的过程.协议中客户只需要记住自己的口令, 而服务器端则存储与口令对应的验证值, 客户与服务器之间的身份认证通过验证值来完成.对协议的安全分析结果表明, 该协议能抵御很多已知的攻击, 包括服务器泄漏攻击、口令猜测攻击、中间人攻击以及Denning-Sacco攻击等.对协议的效率评估表明该协议是高效的.
References:
[1] Bellovin S M, Merritt M.Encrypted key exchange:password-based protocols secure against dictionary attacks[C]//IEEE Symposium on Security and Privacy. New York:IEEE Press, 1992:72-84.
[2] Jablon D.Strong password-only authenticated key exchange[J].Computer Communication Review, 1996, 26(5):5-26.
[3] Lucks S.Open key exchange:how to defeat dictionary attacks without encrypting public keys[C]//Proceedings of the Security Protocol Workshop. Berlin:Springer-Verlag, 1997:79-90.
[4] Abdalla Michel, Fouque Pierre-Alain, Pointcheval David.Password-based authenticated key exchange in the three-party setting[C]//Lecture Notes in Computer Science. Berlin:Springer-Verlag, 2005:65-84.
[5] Bellovin S M, Merritt M.Augmented encrypted key exchange:a password-based protocol secure against dictionary attacks and password file compromise[R].AT&T Bell Laboratories, 1994.
[6] Kwon T, Kang M, Jung S.An improvement of the password-based authentication protocol(K1P)on security against replay attacks[J].IEICE Transactions on Communications, 1999, E82-B(7):991-997.
[7] Jablon D.Extended password methods immune to dictionary attack[C]//WETICE Enterprise Security Workshop. Cambridge, MA, 1997:248-255.
[8] Sun H M, Chen B C, Hwang T.Secure key agreement protocols for three-party against guessing attacks[J].The Journal of Systems and Software, 2003, 75(1/2):63-68.
[9] Lee S W, Kim H S, Yoo K Y.Efficient verifier-based key agreement protocol for three parties without server’s public key[J].Applied Mathematics and Computation, 2005, 167(1):996-1003.
Memo
- Memo:
-
Biographies: Liu Xiumei(1976—), female, graduate;Chang Guiran(corresponding author), male, professor, chang@neu.edu.cn.
Foundation items: The National High Technology Research and Development Program of China(863 Program)(No.2001AA115300), the Natural Science Foundation of Liaoning Province(No.20031018, 20062023).
Citation: Liu Xiumei, Zhou Fucai, Chang Guiran.Improved key exchange protocol for three-party based on verifier authentication[J].Journal of Southeast University(English Edition), 2008, 24(3):322-324.