Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol

Jin Wook Byun, Dong Hoon Lee, Jong In Lim

Research output: Contribution to journalArticlepeer-review

30 Citations (Scopus)

Abstract

Recently, Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. In the letter, we show that a malicious gateway of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack. We also present a countermeasure against the attack.

Original languageEnglish
Pages (from-to)683-685
Number of pages3
JournalIEEE Communications Letters
Volume10
Issue number9
DOIs
Publication statusPublished - 2006 Sept

Keywords

  • Authentication protocol
  • Information security
  • Security analysis

ASJC Scopus subject areas

  • Modelling and Simulation
  • Computer Science Applications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol'. Together they form a unique fingerprint.

Cite this