This paper analyzes the Lee-Kim-Yoo password-based key agreement scheme and identifies its vulnerabilities, particularly in terms of the incompleteness of the key computation process and susceptibility to offline dictionary attacks.
Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme
From: Applied Mathematics and Computation, Volume 168, Issue 2, 15, Pages 858-865
Authors: Jeoung Ok Kwon, Jung Yeon Hwang, Changwook Kim and Dong Hoon Lee
Presented by Che-Yuan Chang
Date: 2006/12/13

Outline
• Introduction
• Related work
• LKY overview
• Incompleteness of a key-computation process
• Off-line dictionary attack
• Conclusion

Introduction
• Password-based Authenticated Key Agreement (PAKA)
  • Diffie–Hellman scheme
• The function of Password
  • authenticate each other
  • establish a session key
• Drawback
  • Passwords are weak (password guessing attack)
• LKY
  • Incompleteness of a key-computation process
  • Off-line dictionary attack

Related work(1/2)
• Seo and Sweeney (1999)
  • Slight modification of the Diffie–Hellman scheme, and based on a preshared password method for user authentication
  • drawback: replay attack
• Tseng (2000)
  • drawback: backward replay attack and modification attack
• Ku and Wang (2000)
  • drawback: modification attack

Related work(2/2)
• Hsu (2003)
  • drawback: modification attack
• Lee and Lee (2004)
  • drawback: password guessing attack
• Lee (2004)
  • drawback: password guessing attack
• Author (2005)

LKY overview(1/4)
• There are two phases: Key establishment phase and Key confirmation phase
• Both parties share a common password P before the protocol is executed
• n is a large prime and g is a generator of order n-1 in GF(n)
• h is a one-way hash function
• random numbers a, b

LKY overview(2/4)
[Protocol diagram: both parties share P, n, g; one party chooses random a, the other random b]

LKY overview(3/4)
• Incompleteness of a key-computation process
  • session key1 ≠ session key2
  • Example
  • Solution
    • computes X1 omitting the last modular operation mod n.
    • Alice always checks if X1 ≦ n-1

LKY overview()
• Incompleteness of a key-computation process
  • the probability Pr[Large] of incompleteness of LKY is at least
  • Pr[Large] is non-negligible if the difference between k and l is bounded by
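
The solution bullets on slide 3/4 can be checked on toy numbers. The Python sketch below is an added example, not taken from the slides or the paper: the masking formula X1 = ((g^a mod n) XOR Q) mod n, the re-draw of a when the check fails, and the parameters n = 23, g = 5, Q = 9 are assumptions, since the slides' own formulas did not survive.

```python
# Added illustration: a simplified model, not the LKY message formulas.
import secrets

N = 23   # toy prime modulus n (constructed)
G = 5    # generator of order n-1 modulo 23 (constructed)
Q = 9    # stand-in for a password-derived mask such as h(P) (constructed)


def mask_reduced(a, q=Q, n=N, g=G):
    """Assumed original-style masking: the XOR result is reduced mod n."""
    return (pow(g, a, n) ^ q) % n


def mask_checked(q=Q, n=N, g=G, rng=secrets.SystemRandom()):
    """Fixed masking: no final mod n; re-draw a until X1 <= n-1."""
    while True:
        a = rng.randrange(1, n)
        x1 = pow(g, a, n) ^ q
        if x1 <= n - 1:
            return a, x1


def unmask(x1, q=Q):
    """Receiver strips the mask to recover g^a mod n."""
    return x1 ^ q


def incomplete_exponents(q=Q, n=N, g=G):
    """Exponents a for which the receiver recovers the wrong g^a mod n."""
    return [a for a in range(1, n)
            if unmask(mask_reduced(a, q, n, g), q) != pow(g, a, n)]


if __name__ == "__main__":
    bad = incomplete_exponents()
    print(f"reduced masking fails for {len(bad)} of {N - 1} exponents: {bad}")
    for _ in range(5):
        a, x1 = mask_checked()
        print(f"checked masking: a={a:2d} X1={x1:2d} "
              f"recovered={unmask(x1)} expected={pow(G, a, N)}")
```

In this model the receiver recovers a wrong value exactly when the XOR result is at least n, which is the case the X1 ≦ n-1 check rejects.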

LKY overview(4/4)
• Off-line dictionary attack
  • discover the password of Alice and Bob running the scheme LKY
  • Example
  • success probability of the attack is
  • Solution
    • Let is smaller than n in the mth bit position for some m ( < m ≦ )

Conclusion
• LKY is still vulnerable to an off-line dictionary attack by using two different types of group operations, a bit-wise XOR and a modular multiplication
• we described a method which eliminates a useful redundancy that could be used by the adversary performing a dictionary attack