Abstract
Recently, Lee-Lee pointed out that Hsu et al.’s key agreement scheme suffers from a modification attack and described an enhancement on it. Both of Lee-Lee’s enhancement and Hsu et al. scheme can be considered as variants of Diffie-Hellman scheme with user authentication that are based on a shared-password for providing authentication. This paper shows both schemes cannot withstand to a dictionary attack. Such an attack illustrates that extreme care must be taken when passwords are combined to provide user authentication in cryptographic protocols. This paper also presents a new authenticated key agreement protocol that is not secure to the dictionary attack but also has many desirable security properties, including forward secrecy and known-key secrecy. It is also able to withstand to both passive and active attacks. The security of the proposed scheme is based on the well-known cryptographic assumptions.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
