Abstract
Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that the Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack, and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., the two parties establishing a session key may fail to share a common session key, but also still vulnerable to an off-line dictionary attack: an adversary can confirm the correctness of a guessed password by checking whether the scheme's flows lie in the expected domain (for example, whether a flow is in GF(n) or not). A main reason for these security breaches is that the scheme's flows are constructed using two different types of group operations. Finally, we suggest a simple counter-measure to overcome the problems.
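The class of flaw described in the abstract, a password-masked flow built from two different group operations so that an off-line domain-membership test rejects wrong password guesses, can be seen end to end on a constructed toy scheme. The code below is an added example and is not Lee et al.'s scheme, the Lee-Lee scheme, or the counter-measure proposed in the paper; the safe prime, subgroup, password-to-mask function, dictionary and the "hardened" single-group variant are all assumptions made for the illustration. The flawed variant masks a multiplicative-subgroup element with an additive operation modulo p; the attacker unmasks each observed flow with a candidate password and keeps the candidate only if the result falls in the subgroup, which halves the surviving dictionary per observed flow.

```python
"""
Toy illustration (constructed example, not the paper's scheme) of an
off-line dictionary attack that confirms a guessed password by a
domain-membership check on a protocol flow.

Constructed setting: P = 2*Q + 1 is a safe prime and G = <g> is the
order-Q subgroup (the quadratic residues) of Z_P^*.  An honest party
picks a random exponent a and sends X = g^a mod P masked by the password.

Flawed masking   : M = (X + H(pw)) mod P     (additive group Z_P)
Hardened masking : M = X * g^H(pw) mod P     (stays inside G)

Unmasking a flawed flow with a wrong guess pw' gives X' = M - H(pw')
mod P, an essentially random element of Z_P that lies in G only about
half the time, so every observed flow halves the candidate set.  With
the hardened masking every unmasked candidate lies in G and the test
rejects nothing.  All parameters and passwords are constructed.
"""
import hashlib
import random

P = 2039          # safe prime, P = 2*Q + 1 (constructed demo parameter)
Q = 1019          # prime order of the quadratic-residue subgroup
G = 4             # 2^2 mod P: generates the order-Q subgroup


def h(password: str) -> int:
    """Map a password to an integer in [1, Q-1] (constructed helper)."""
    digest = hashlib.sha256(password.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def in_subgroup(x: int) -> bool:
    """Domain check: is x an element of the order-Q subgroup of Z_P^*?"""
    return 0 < x < P and pow(x, Q, P) == 1


def flawed_flow(a: int, pw: str) -> int:
    """Subgroup element X combined with the password by addition mod P."""
    x = pow(G, a, P)
    return (x + h(pw)) % P


def hardened_flow(a: int, pw: str) -> int:
    """Subgroup element X masked by another subgroup element (one group)."""
    x = pow(G, a, P)
    return (x * pow(G, h(pw), P)) % P


def dictionary_attack_flawed(flows, dictionary):
    """Keep candidates whose unmasked flows all pass the domain check."""
    survivors = []
    for cand in dictionary:
        if all(in_subgroup((m - h(cand)) % P) for m in flows):
            survivors.append(cand)
    return survivors


def dictionary_attack_hardened(flows, dictionary):
    """Same test on hardened flows: it never eliminates a candidate."""
    survivors = []
    for cand in dictionary:
        inv = pow(pow(G, h(cand), P), -1, P)      # modular inverse (3.8+)
        if all(in_subgroup((m * inv) % P) for m in flows):
            survivors.append(cand)
    return survivors


def demo(num_flows: int = 8, dict_size: int = 200, seed: int = 1):
    """Run both attacks on transcripts of the real password 'pw0042'."""
    rng = random.Random(seed)
    dictionary = [f"pw{i:04d}" for i in range(dict_size)]
    real = "pw0042"                                   # constructed password
    exponents = [rng.randrange(1, Q) for _ in range(num_flows)]
    flawed = [flawed_flow(a, real) for a in exponents]
    hardened = [hardened_flow(a, real) for a in exponents]
    return (dictionary_attack_flawed(flawed, dictionary),
            dictionary_attack_hardened(hardened, dictionary))


if __name__ == "__main__":
    bad, good = demo()
    print("flawed scheme, survivors after 8 flows  :", bad)
    print("hardened scheme, survivors after 8 flows:", len(good), "of 200")
```

The attack is entirely passive: the adversary only needs transcripts of sessions run under the same password, and each additional flow roughly halves the dictionary, so a few recorded sessions reduce a 200-word list to the real password plus a handful of chance survivors. The hardened variant shows the general principle behind the abstract's diagnosis: when every flow is an element of one group and is masked within that same group, the domain check carries no information about the password.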
| Original language | English |
|---|---|
| Pages (from-to) | 858-865 |
| Number of pages | 8 |
| Journal | Applied Mathematics and Computation |
| Volume | 168 |
| Issue number | 2 |
| DOIs | |
| Publication status | Published - 2005 Sep 15 |
Keywords
- Cryptography
- Dictionary attacks
- Password-based key exchange
ASJC Scopus subject areas
- Computational Mathematics
- Applied Mathematics