A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks

12Citations
Citations of this article
8Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Password-based two-party authenticated key exchange (2PAKE) protocol enables two or more entities, who only share a low-entropy password between them, to authenticate each other and establish a high-entropy secret session key. Recently, Zheng et al. proposed a password-based 2PAKE protocol based on bilinear pairings and claimed that their protocol is secure against the known security attacks. However, in this paper, we indicate that the protocol of Zheng et al. is insecure against the off-line password guessing attack, which is a serious threat to such protocols. Consequently, we show that an attacker who obtained the users’ password by applying the off-line password guessing attack can easily obtain the secret session key. In addition, the protocol of Zheng et al. does not provide the forward secrecy of the session key. As a remedy, we also improve the protocol of Zheng et al. and prove the security of our enhanced protocol in the random oracle model. The simulation result shows that the execution time of our 2PAKE protocol is less compared with other existing protocols.

Cite

CITATION STYLE

APA

Farash, M. S., Islam, S. H., & Obaidat, M. S. (2015). A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks. Concurrency and Computation: Practice and Experience, 27(17), 4897–4913. https://doi.org/10.1002/CPE.3477

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free