Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme

Jeoung Ok Kwon; Jung Yeon Hwang; Changwook Kim; Dong Hoon Lee

doi:10.1016/j.amc.2004.09.024

Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme

Jeoung Ok Kwon, Jung Yeon Hwang, Changwook Kim, Dong Hoon Lee

Graduate School of Information Security

Research output: Contribution to journal › Article

8 Citations (Scopus)

Abstract

Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., two parties establishing a session key may not share a common session key, but also still vulnerable to an off-line dictionary attack, i.e., an adversary can confirm the correctness of a guessed-password by checking if the scheme's flows are in a domain (for example, whether a flow is in GF(n) or not). A main reason causing these security breaches is that the scheme's flows are constructed by using two different types of group operations. Finally, we suggest a simple counter-measure to overcome the problems.

Original language	English
Pages (from-to)	858-865
Number of pages	8
Journal	Applied Mathematics and Computation
Volume	168
Issue number	2
DOIs	https://doi.org/10.1016/j.amc.2004.09.024
Publication status	Published - 2005 Sep 15

Fingerprint

Key Agreement

Password

Cryptanalysis

Glossaries

Attack

Line

Countermeasures

Correctness

Keywords

Cryptography
Dictionary attacks
Password-based key exchange

ASJC Scopus subject areas

Applied Mathematics
Computational Mathematics
Numerical Analysis

Cite this

Kwon, J. O., Hwang, J. Y., Kim, C., & Lee, D. H. (2005). Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme. Applied Mathematics and Computation, 168(2), 858-865. https://doi.org/10.1016/j.amc.2004.09.024

Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme. / Kwon, Jeoung Ok; Hwang, Jung Yeon; Kim, Changwook; Lee, Dong Hoon.

In: Applied Mathematics and Computation, Vol. 168, No. 2, 15.09.2005, p. 858-865.

Research output: Contribution to journal › Article

Kwon, JO, Hwang, JY, Kim, C & Lee, DH 2005, 'Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme', Applied Mathematics and Computation, vol. 168, no. 2, pp. 858-865. https://doi.org/10.1016/j.amc.2004.09.024

Kwon JO, Hwang JY, Kim C, Lee DH. Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme. Applied Mathematics and Computation. 2005 Sep 15;168(2):858-865. https://doi.org/10.1016/j.amc.2004.09.024

Kwon, Jeoung Ok ; Hwang, Jung Yeon ; Kim, Changwook ; Lee, Dong Hoon. / Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme. In: Applied Mathematics and Computation. 2005 ; Vol. 168, No. 2. pp. 858-865.

@article{3fabbf93f16e4a8dad4edaa8eedc9aa3,

title = "Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme",

abstract = "Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., two parties establishing a session key may not share a common session key, but also still vulnerable to an off-line dictionary attack, i.e., an adversary can confirm the correctness of a guessed-password by checking if the scheme's flows are in a domain (for example, whether a flow is in GF(n) or not). A main reason causing these security breaches is that the scheme's flows are constructed by using two different types of group operations. Finally, we suggest a simple counter-measure to overcome the problems.",

keywords = "Cryptography, Dictionary attacks, Password-based key exchange",

author = "Kwon, {Jeoung Ok} and Hwang, {Jung Yeon} and Changwook Kim and Lee, {Dong Hoon}",

year = "2005",

month = "9",

day = "15",

doi = "10.1016/j.amc.2004.09.024",

language = "English",

volume = "168",

pages = "858--865",

journal = "Applied Mathematics and Computation",

issn = "0096-3003",

publisher = "Elsevier Inc.",

number = "2",

}

TY - JOUR

T1 - Cryptanalysis of Lee-Kim-Yoo password-based key agreement scheme

AU - Kwon, Jeoung Ok

AU - Hwang, Jung Yeon

AU - Kim, Changwook

AU - Lee, Dong Hoon

PY - 2005/9/15

Y1 - 2005/9/15

N2 - Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., two parties establishing a session key may not share a common session key, but also still vulnerable to an off-line dictionary attack, i.e., an adversary can confirm the correctness of a guessed-password by checking if the scheme's flows are in a domain (for example, whether a flow is in GF(n) or not). A main reason causing these security breaches is that the scheme's flows are constructed by using two different types of group operations. Finally, we suggest a simple counter-measure to overcome the problems.

AB - Recently, Lee et al. [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Lee and Lee's authenticated key agreement scheme, Appl. Math. Comput., in press] showed that Lee-Lee password-based authenticated key agreement scheme [N.Y. Lee, M.F. Lee, Further improvement on the modified authenticated key agreement scheme, Appl. Math. Comput. 157 (2004) 729-733] is vulnerable to an off-line dictionary attack and proposed an improved scheme. In this paper, we show that Lee et al.'s scheme is not only incomplete, i.e., two parties establishing a session key may not share a common session key, but also still vulnerable to an off-line dictionary attack, i.e., an adversary can confirm the correctness of a guessed-password by checking if the scheme's flows are in a domain (for example, whether a flow is in GF(n) or not). A main reason causing these security breaches is that the scheme's flows are constructed by using two different types of group operations. Finally, we suggest a simple counter-measure to overcome the problems.

KW - Cryptography

KW - Dictionary attacks

KW - Password-based key exchange

UR - http://www.scopus.com/inward/record.url?scp=26044435697&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=26044435697&partnerID=8YFLogxK

U2 - 10.1016/j.amc.2004.09.024

DO - 10.1016/j.amc.2004.09.024

M3 - Article

AN - SCOPUS:26044435697

VL - 168

SP - 858

EP - 865

JO - Applied Mathematics and Computation

JF - Applied Mathematics and Computation

SN - 0096-3003

IS - 2

ER -

Access to Document

10.1016/j.amc.2004.09.024