Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme

Jeoung Ok Kwon, Jung Yeon Hwang, Changwook Kim, Dong Hoon Lee

Research output: Contribution to journal › Article › peer-review

9 Citations (Scopus)

Abstract

Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that the Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., two parties establishing a session key may not share a common session key, but also still vulnerable to an off-line dictionary attack, i.e., an adversary can confirm the correctness of a guessed password by checking whether the scheme's flows are in a domain (for example, whether a flow is in GF(n) or not). A main reason for these security breaches is that the scheme's flows are constructed by using two different types of group operations. Finally, we suggest a simple countermeasure to overcome the problems.

Original language: English
Pages (from-to): 858-865
Number of pages: 8
Journal: Applied Mathematics and Computation
Volume: 168
Issue number: 2
Publication status: Published - 2005 Sept 15

Keywords

  • Cryptography
  • Dictionary attacks
  • Password-based key exchange

ASJC Scopus subject areas

  • Computational Mathematics
  • Applied Mathematics
