Abstract
Recently, Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. In the letter, we show that a malicious gateway of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack. We also present a countermeasure against the attack.
Original language | English |
---|---|
Pages (from-to) | 683-685 |
Number of pages | 3 |
Journal | IEEE Communications Letters |
Volume | 10 |
Issue number | 9 |
DOIs | |
Publication status | Published - 2006 Sept |
Keywords
- Authentication protocol
- Information security
- Security analysis
ASJC Scopus subject areas
- Modelling and Simulation
- Computer Science Applications
- Electrical and Electronic Engineering