Undetectable On-line Dictionary Attacks Research Articles

Provably Secure Gateway Threshold Password-Based Authenticated Key Exchange Secure against Undetectable On-Line Dictionary Attack

Provably Secure Gateway Threshold Password-Based Authenticated Key Exchange Secure against Undetectable On-Line Dictionary Attack

Cryptanalysis and Improvement of a Password-Based Authenticated Three-Party Key Exchange Protocol

Protocols for password-based authenticated key exchange (PAKE) in the three-party setting must be designed to be secure against dictionary attacks even in the presence of a malicious insider. In this work, we revisit the three-party PAKE protocol proposed by Kim and Choi in 2009, and demonstrate that the protocol is vulnerable to an insider offline dictionary attack (which allows an adversary to impersonate a legitimate party and initiate transactions). We also show that due to the vulnerability, Kim and Choi’s protocol is rendered insecure in the in distinguish ability-based security model of Bellare, Pointcheval and Rogaway (2000). We propose an improved three-party PAKE protocol which is resistant to all classes of dictionary attacks, including insider offline dictionary attacks and undetectable online dictionary attacks.

Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy

This paper considers security analysis of a cross-realm client-to-client password-authenticated key exchange C2C-PAKE protocol with indirect communication structure that was proposed for secure email. The protocol does not need any public key infrastructure PKI and was designed to enable senders and recipients of emails to register at different mail servers. However, mail servers require sharing of secret keys in advance. Protocol designers claimed many security attributes including perfect forward secrecy and resilience to dictionary and replay attacks. However, in this paper, we show that the protocol does not provide forward secrecy and is vulnerable to offline dictionary attack, undetectable online dictionary attack, replay attack, and password-compromise impersonation attack. The protocol has also some other defects that are explained in the paper. Copyright © 2014 John Wiley & Sons, Ltd.

Password-only authenticated three-party key exchange with provable security in the standard model.

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols

A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.’s (2008) protocol, Huang’s (2009) protocol, and Lee and Hwang’s (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.’s protocol also applies to other similar protocols including Lee and Hwang’s protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks.

A Password attack on S-3 PAKE Protocol

Recently Chung et al proposed three party authenticated key exchange protocol. Lo et al demonstrated that Chung et al protocol is vulnerable to undetectable online dictionary attack and proposed a modified protocol. Unfortunately, this paper shows that Lo et al protocol is not secure and suffers from undetectable online password guessing attack.

Cryptanalysis of a three-party password-based authenticated key exchange protocol using Weil pairing

Recently, Zeng et al. proposed a three-party password-based authenticated key exchange protocol, in which two users could generate a common secret key with the help of the server. Although Zeng et al. claimed that their protocol could withstand various attacks, we point out that their protocol cannot resist impersonation attacks and undetectable online dictionary attacks. The analysis shows Zeng et al.'s protocol is insecure for practical applications.

Anonymous gateway-oriented password-based authenticated key exchange based on RSA

A gateway-oriented password-based authenticated key exchange (GPAKE) is a three-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. To date, most of the published protocols for GPAKE have been based on Diffie-Hellman key exchange. In this article, we present the first GPAKE protocol based on RSA, then prove its security in the random oracle model under the RSA assumption. Furthermore, our protocol can resist both e-residue and undetectable on-line dictionary attacks. Finally, we investigate whether or not a GPAKE protocol can achieve both client anonymity and resistance against undetectable on-line dictionary attacks by a malicious gateway. We provide an affirmative answer by adding client anonymity with respect to the server. Preprint submitted to EURASIP JWCN October 16, 2011 to our basic protocol.

Gateway-oriented password-authenticated key exchange protocol in the standard model

A gateway-oriented password-based authenticated key exchange (GPAKE) is a 3-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. GPAKE protocols are suitable for mobile communication environments such as GSM (Global System for Mobile Communications) and 3GPP (The Third Generation Partnership Project). To date, most of the published protocols for GPAKE have been proven secure in the random oracle model. In this paper, we present the first provably-secure GPAKE protocol in the standard model. It is based on the 2-party password-authenticated key exchange protocol of Jiang and Gong. The protocol is secure under the DDH assumption (without random oracles). Furthermore, it can resist undetectable on-line dictionary attacks. Compared with previous solutions, our protocol achieves stronger security with similar efficiency.

Simple three-party password authenticated key exchange protocol

Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system efficiency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.

Gateway-Oriented Password-Authenticated Key Exchange Based on RSA

Gateway-oriented password-based authenticated key exchange(GPAKE) protocal is a three-party protocol,which allows a client and a gateway to establish a common session key with the help of an authentication server.To date,most of the published protocols for GPAKE were based on Diffie-Hellman key exchange.This paper presents the first provably-secure GPAKE protocol using RSA.It is based on the protocol PEKEP of Zhang and is provably-secure in the random oracle model under the RSA assumption.Furthermore,the proposed protocol can resist both e-residue and undetectable on-line dictionary attacks.

Efficient and Strongly Secure Password-based Server Aided Key Exchange

In ACNS'06, Cliff, et al. proposed the password-based server aided key exchange (PSAKE) as one of password-based authenticated key exchanges in the three-party setting (3-party PAKE) in which two clients with different passwords exchange a session key with the help of their corresponding server. Though they also studied a strong security definition of the 3-party PAKE, their security model is not strong enough because there are desirable security properties which cannot be captured. In this paper, we define a new formal security model of the 3-party PAKE which is stronger than the previous model. Our model captures all known desirable security requirements of the 3-party PAKE, like the resistance to key-compromise impersonation, to the leakage of ephemeral private keys of servers and to the undetectable on-line dictionary attack. Also, we propose a new scheme as an improvement of PSAKE with the optimal number of rounds for a client, which is secure in the sense of our model.

Fficient and Provably Secure Generic Construction of Client-to-Client Password-Based Key Exchange Protocol

Client-to-client password authenticated key exchange (C2C-PAKE) protocol enables two clients who only share their passwords with their own servers to establish a shared key for their secure communications. Recently, Byun et al. and Yin-Li respectively proposed first provably secure C2C-PAKE protocols. However, both protocols are found to be vulnerable to undetectable online dictionary attacks and other attacks. In this paper, we present an efficient generic construction for cross-realm C2C-PAKE protocols and prove its security in the Random-or-Real model due to Abdalla et al., without making use of the Random Oracle model.

Cryptanalysis of simple three-party key exchange protocol

Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in Journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol.

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval. Furthermore, a simple improvement to S-3PAKE was proposed very recently by Chung and Ku to resist the kind of attacks that applied to earlier versions of 3PAKE. In this paper, we show that S-3PAKE falls to unknown key-share attacks by any other client, and undetectable online dictionary attacks by any adversary. The latter attack equally applies to the recently improved S-3PAKE. Indeed, the provable security approach should be taken when designing PAKEs; and furthermore our results highlight that extra cautions still be exercised when defining models and constructing proofs in this direction.