In:
ACM SIGOPS Operating Systems Review, Association for Computing Machinery (ACM), Vol. 34, No. 4 ( 2000-10), p. 12-20
Abstract:
Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.
Type of Medium:
Online Resource
ISSN:
0163-5980
DOI:
10.1145/506106.506108
Language:
English
Publisher:
Association for Computing Machinery (ACM)
Publication Date:
2000
detail.hit.zdb_id:
2082220-0
detail.hit.zdb_id:
243805-7
Permalink