Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol

Jin Wook Byun; Dong Hoon Lee; Jong In Lim

doi:10.1109/LCOMM.2006.060558

Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol

Jin Wook Byun, Dong Hoon Lee, Jong In Lim

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

30 Citations (Scopus)

Abstract

Recently, Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. In the letter, we show that a malicious gateway of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack. We also present a countermeasure against the attack.

Original language	English
Pages (from-to)	683-685
Number of pages	3
Journal	IEEE Communications Letters
Volume	10
Issue number	9
DOIs	https://doi.org/10.1109/LCOMM.2006.060558
Publication status	Published - 2006 Sept

Keywords

Authentication protocol
Information security
Security analysis

ASJC Scopus subject areas

Modelling and Simulation
Computer Science Applications
Electrical and Electronic Engineering

Access to Document

10.1109/LCOMM.2006.060558

Cite this

@article{e06ee2ac4d9c4fb0a687bd1865361c02,

title = "Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol",

abstract = "Recently, Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. In the letter, we show that a malicious gateway of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack. We also present a countermeasure against the attack.",

keywords = "Authentication protocol, Information security, Security analysis",

author = "Byun, {Jin Wook} and Lee, {Dong Hoon} and Lim, {Jong In}",

year = "2006",

month = sep,

doi = "10.1109/LCOMM.2006.060558",

language = "English",

volume = "10",

pages = "683--685",

journal = "IEEE Communications Letters",

issn = "1089-7798",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "9",

}

TY - JOUR

T1 - Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol

AU - Byun, Jin Wook

AU - Lee, Dong Hoon

AU - Lim, Jong In

PY - 2006/9

Y1 - 2006/9

N2 - Recently, Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. In the letter, we show that a malicious gateway of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack. We also present a countermeasure against the attack.

AB - Recently, Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. In the letter, we show that a malicious gateway of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack. We also present a countermeasure against the attack.

KW - Authentication protocol

KW - Information security

KW - Security analysis

UR - http://www.scopus.com/inward/record.url?scp=33947167200&partnerID=8YFLogxK

U2 - 10.1109/LCOMM.2006.060558

DO - 10.1109/LCOMM.2006.060558

M3 - Article

AN - SCOPUS:33947167200

SN - 1089-7798

VL - 10

SP - 683

EP - 685

JO - IEEE Communications Letters

JF - IEEE Communications Letters

IS - 9

ER -

Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this