Further analysis of password authenticated key exchange protocol based on rsa for imbalanced wireless networks

Abstract

Password-authenticated key exchange protocols allow two entities who only share a human-memorable password to authenticate each other and agree on a large session key. Such protocols are attractive for their simplicity and convenience and have received much interest in the research community. In ISC'02, Zhu et al. [18] proposed an efficient password-authenticated key exchange protocol which is suitable to the imbalanced wireless network environment where a low-power client communicates with a powerful server. In ISC'03, Bao [1] pointed out that the password protocol of Zhu et al. is subject to off-line dictionary attack if entity's identity is too short. Bao presented two kinds of dictionary attacks which can exclude two possible passwords in each protocol run. In this paper, we present a more efficient attack on the password protocol of Zhu et al.. In our attack, an adversary can exclude multiple possible passwords in each protocol run, regardless of whether entity's identity is short or long. To thwart the attack, we provide further improvement on Zhu et al.'s password-authenticated key exchange protocol. © Springer-Verlag 2004.