Abstract
Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., two parties establishing a session key may not share a common session key, but also still vulnerable to an off-line dictionary attack, i.e., an adversary can confirm the correctness of a guessed-password by checking if the scheme's flows are in a domain (for example, whether a flow is in GF(n) or not). A main reason causing these security breaches is that the scheme's flows are constructed by using two different types of group operations. Finally, we suggest a simple counter-measure to overcome the problems.
| Original language | English |
|---|---|
| Pages (from-to) | 858-865 |
| Number of pages | 8 |
| Journal | Applied Mathematics and Computation |
| Volume | 168 |
| Issue number | 2 |
| DOIs | |
| Publication status | Published - 2005 Sept 15 |
Bibliographical note
Funding Information:This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment).
Keywords
- Cryptography
- Dictionary attacks
- Password-based key exchange
ASJC Scopus subject areas
- Computational Mathematics
- Applied Mathematics