The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Abdallah et coll. a proposé un protocole d'échange de clés authentifié par mot de passe (GPAKE) orienté passerelle entre un client, une passerelle et un serveur d'authentification, dans lequel un mot de passe n'est partagé qu'entre le client et le serveur d'authentification. Le but de leur système est d'établir en toute sécurité une clé de session entre le client et la passerelle à l'aide du serveur d'authentification sans révéler aucune information sur le mot de passe de la passerelle. Récemment, Byun et al. ont montré que le GPAKE d'Abdalla et al. n'est pas sécurisé contre les attaques indétectables de devinette de mot de passe en ligne. Ils ont également proposé une version modifiée pour surmonter les attaques. Dans cette lettre, nous soulignons que le protocole GPAKE modifié de Byun et al. n'est toujours pas sécurisé contre les mêmes attaques. Nous faisons ensuite une suggestion d’amélioration.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Kyung-Ah SHIM, "Cryptanalysis and Enhancement of Modified Gateway-Oriented Password-Based Authenticated Key Exchange Protocol" in IEICE TRANSACTIONS on Fundamentals,
vol. E91-A, no. 12, pp. 3837-3839, December 2008, doi: 10.1093/ietfec/e91-a.12.3837.
Abstract: Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The goal of their scheme is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information on the password to the gateway. Recently, Byun et al. showed that Abdalla et al.'s GPAKE is insecure against undetectable on-line password guessing attacks. They also proposed a modified version to overcome the attacks. In this letter, we point out that Byun et al.'s modified GPAKE protocol is still insecure against the same attacks. We then make a suggestion for improvement.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1093/ietfec/e91-a.12.3837/_p
Copier
@ARTICLE{e91-a_12_3837,
author={Kyung-Ah SHIM, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Cryptanalysis and Enhancement of Modified Gateway-Oriented Password-Based Authenticated Key Exchange Protocol},
year={2008},
volume={E91-A},
number={12},
pages={3837-3839},
abstract={Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The goal of their scheme is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information on the password to the gateway. Recently, Byun et al. showed that Abdalla et al.'s GPAKE is insecure against undetectable on-line password guessing attacks. They also proposed a modified version to overcome the attacks. In this letter, we point out that Byun et al.'s modified GPAKE protocol is still insecure against the same attacks. We then make a suggestion for improvement.},
keywords={},
doi={10.1093/ietfec/e91-a.12.3837},
ISSN={1745-1337},
month={December},}
Copier
TY - JOUR
TI - Cryptanalysis and Enhancement of Modified Gateway-Oriented Password-Based Authenticated Key Exchange Protocol
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 3837
EP - 3839
AU - Kyung-Ah SHIM
PY - 2008
DO - 10.1093/ietfec/e91-a.12.3837
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E91-A
IS - 12
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - December 2008
AB - Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The goal of their scheme is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information on the password to the gateway. Recently, Byun et al. showed that Abdalla et al.'s GPAKE is insecure against undetectable on-line password guessing attacks. They also proposed a modified version to overcome the attacks. In this letter, we point out that Byun et al.'s modified GPAKE protocol is still insecure against the same attacks. We then make a suggestion for improvement.
ER -