The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Un protocole d'échange de clés de groupe (GKE) permet à un groupe de parties communiquant sur un réseau public d'établir une clé secrète commune. À mesure que les applications orientées groupe gagnent en popularité sur Internet, un certain nombre de protocoles GKE ont été suggérés pour fournir à ces applications un canal de multidiffusion sécurisé. Dans ce travail, nous étudions la sécurité du protocole GKE authentifié par mot de passe de Wu et Zhu présenté récemment dans FC'08. Le protocole de Wu et Zhu est efficace, prend en charge les groupes dynamiques et peut être construit de manière générique à partir de n'importe quel protocole d'échange de clés bipartite authentifié par mot de passe. Toutefois, malgré ses caractéristiques attractives, le protocole Wu-Zhu ne devrait pas être adopté sous sa forme actuelle. En raison d'un défaut dans sa conception, le protocole Wu-Zhu ne parvient pas à réaliser un échange de clés authentifié. Nous rapportons ici ce problème de sécurité avec le protocole Wu-Zhu et montrons comment le résoudre.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Junghyun NAM, Juryon PAIK, Dongho WON, "Security Improvement on Wu and Zhu's Protocol for Password-Authenticated Group Key Exchange" in IEICE TRANSACTIONS on Fundamentals,
vol. E94-A, no. 2, pp. 865-868, February 2011, doi: 10.1587/transfun.E94.A.865.
Abstract: A group key exchange (GKE) protocol allows a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. In this work, we investigate the security of Wu and Zhu's password-authenticated GKE protocol presented recently in FC'08. Wu and Zhu's protocol is efficient, supports dynamic groups, and can be constructed generically from any password-authenticated 2-party key exchange protocol. However, despite its attractive features, the Wu-Zhu protocol should not be adopted in its present form. Due to a flaw in its design, the Wu-Zhu protocol fails to achieve authenticated key exchange. We here report this security problem with the Wu-Zhu protocol and show how to solve it.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E94.A.865/_p
Copier
@ARTICLE{e94-a_2_865,
author={Junghyun NAM, Juryon PAIK, Dongho WON, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Security Improvement on Wu and Zhu's Protocol for Password-Authenticated Group Key Exchange},
year={2011},
volume={E94-A},
number={2},
pages={865-868},
abstract={A group key exchange (GKE) protocol allows a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. In this work, we investigate the security of Wu and Zhu's password-authenticated GKE protocol presented recently in FC'08. Wu and Zhu's protocol is efficient, supports dynamic groups, and can be constructed generically from any password-authenticated 2-party key exchange protocol. However, despite its attractive features, the Wu-Zhu protocol should not be adopted in its present form. Due to a flaw in its design, the Wu-Zhu protocol fails to achieve authenticated key exchange. We here report this security problem with the Wu-Zhu protocol and show how to solve it.},
keywords={},
doi={10.1587/transfun.E94.A.865},
ISSN={1745-1337},
month={February},}
Copier
TY - JOUR
TI - Security Improvement on Wu and Zhu's Protocol for Password-Authenticated Group Key Exchange
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 865
EP - 868
AU - Junghyun NAM
AU - Juryon PAIK
AU - Dongho WON
PY - 2011
DO - 10.1587/transfun.E94.A.865
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E94-A
IS - 2
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - February 2011
AB - A group key exchange (GKE) protocol allows a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. In this work, we investigate the security of Wu and Zhu's password-authenticated GKE protocol presented recently in FC'08. Wu and Zhu's protocol is efficient, supports dynamic groups, and can be constructed generically from any password-authenticated 2-party key exchange protocol. However, despite its attractive features, the Wu-Zhu protocol should not be adopted in its present form. Due to a flaw in its design, the Wu-Zhu protocol fails to achieve authenticated key exchange. We here report this security problem with the Wu-Zhu protocol and show how to solve it.
ER -