Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme

Jeoung Ok Kwon, Jung Yeon Hwang, Changwook Kim, Dong Hoon Lee

Research output: Contribution to journal (Article)

8 Citations (Scopus)

Abstract

Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that the Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack, and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., two parties running the protocol may fail to arrive at a common session key, but also still vulnerable to an off-line dictionary attack: an adversary can confirm a guessed password by checking whether the scheme's flows lie in the expected domain (for example, whether a flow is an element of GF(n) or not). The main cause of these weaknesses is that the scheme's flows are constructed using two different types of group operations. Finally, we suggest a simple countermeasure that overcomes the problems.
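The attack the abstract describes, a domain check that confirms or rules out a password guess from each observed flow, is the classic partition attack on password-based key exchange. The Python below is an added example written for this page; it is not code from the paper and does not reproduce the Lee-Kim-Yoo scheme. The toy protocol in it is a hypothetical construction: a Diffie-Hellman value X = g^a mod p in the order-q subgroup of a safe prime p is masked with a password hash by XOR, so one flow mixes a mod-p group operation with a bit-string operation. An eavesdropper unmasks each recorded flow under every dictionary word and discards words for which the result is not a subgroup element; the true password always survives, while wrong guesses are cut down with every flow. The second construction masks with a group element instead, so every guess unmasks to a valid element and the membership check learns nothing. This illustrates the general principle (keep every operation on a flow inside one group), not the specific countermeasure of the paper. The prime search, the dictionary, the password, h64 and all function names are constructed for the example.

```python
"""Partition (off-line dictionary) attack on a toy PAKE flow that mixes two
kinds of group operations.  Hypothetical illustration, not the Lee-Kim-Yoo
scheme; all parameters and names are constructed for this example."""
import hashlib
import random

BITS = 64
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin; deterministic for n < 3.3e24 with these 12 bases."""
    if n < 2:
        return False
    for b in SMALL_PRIMES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits=BITS):
    """Smallest safe prime p = 2q + 1 above 2**(bits-1); deterministic search."""
    p = (1 << (bits - 1)) + 1
    while not (is_prime(p) and is_prime((p - 1) // 2)):
        p += 2
    return p


P = safe_prime()            # public group modulus (toy size)
Q = (P - 1) // 2            # prime order of the quadratic-residue subgroup
G = 4                       # 2**2 is a non-trivial QR, so it generates that subgroup


def h64(password):
    """64-bit digest of the password (models a hash onto bit strings)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest()[:8], "big")


def in_group(x):
    """Membership test anyone can run: x is in Z_p^* and in the order-q subgroup."""
    return 0 < x < P and pow(x, Q, P) == 1


# Flawed construction: X lives in the mod-p group, the password mask is XORed on
# as a bit string.  Two incompatible operations are applied to one flow.
def flawed_flow(password, rng):
    a = rng.randrange(1, Q)
    return pow(G, a, P) ^ h64(password)


def partition_attack(flows, dictionary, unmask):
    """Keep a guess only if it maps every observed flow back into the group."""
    return [pw for pw in dictionary if all(in_group(unmask(f, pw)) for f in flows)]


# Repaired construction: the mask is itself a subgroup element, so unmasking
# with ANY guess yields a valid subgroup element and the check partitions nothing.
def to_group(password):
    return pow(h64(password) % (P - 1) + 1, 2, P)   # a nonzero quadratic residue


def fixed_flow(password, rng):
    a = rng.randrange(1, Q)
    return pow(G, a, P) * to_group(password) % P


def unmask_fixed(flow, pw):
    return flow * pow(to_group(pw), -1, P) % P       # modular inverse, Python 3.8+


DICTIONARY = [f"pass{i:03d}" for i in range(256)]  # constructed toy dictionary
TRUE_PW = "pass137"                                  # the victim's real password


def run(n_sessions=32, seed=1):
    """Record n_sessions flows of each construction and attack both off-line."""
    rng = random.Random(seed)
    flawed = [flawed_flow(TRUE_PW, rng) for _ in range(n_sessions)]
    fixed = [fixed_flow(TRUE_PW, rng) for _ in range(n_sessions)]
    return (partition_attack(flawed, DICTIONARY, lambda f, pw: f ^ h64(pw)),
            partition_attack(fixed, DICTIONARY, unmask_fixed))


if __name__ == "__main__":
    left_flawed, left_fixed = run()
    print("flawed scheme, candidates left after 32 flows:", left_flawed)
    print("repaired scheme, candidates left:", len(left_fixed), "of", len(DICTIONARY))
```

With the XOR mask, a wrong guess whose hash differs from the real one in the top bit unmasks to a value outside [1, p) on the very first flow, and the remaining wrong guesses fail the subgroup test on roughly half of the flows, so a few dozen passively recorded sessions isolate the password from a 256-word dictionary without a single on-line attempt. With the multiplicative mask the same filter keeps the whole dictionary, which is exactly the property a password-based scheme needs from every flow an adversary can see.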

Original language: English
Pages (from-to): 858-865
Number of pages: 8
Journal: Applied Mathematics and Computation
Volume: 168
Issue number: 2
DOIs: 10.1016/j.amc.2004.09.024
Publication status: Published - 2005 Sep 15

Keywords

  • Cryptography
  • Dictionary attacks
  • Password-based key exchange

ASJC Scopus subject areas

  • Applied Mathematics
  • Computational Mathematics
  • Numerical Analysis

Cite this

Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme. / Kwon, Jeoung Ok; Hwang, Jung Yeon; Kim, Changwook; Lee, Dong Hoon.

In: Applied Mathematics and Computation, Vol. 168, No. 2, 15.09.2005, p. 858-865.

@article{3fabbf93f16e4a8dad4edaa8eedc9aa3,
title = "Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme",
keywords = "Cryptography, Dictionary attacks, Password-based key exchange",
author = "Kwon, {Jeoung Ok} and Hwang, {Jung Yeon} and Changwook Kim and Lee, {Dong Hoon}",
year = "2005",
month = "9",
day = "15",
doi = "10.1016/j.amc.2004.09.024",
language = "English",
volume = "168",
pages = "858--865",
journal = "Applied Mathematics and Computation",
issn = "0096-3003",
publisher = "Elsevier Inc.",
number = "2",

}
