-
1Academic Journal
المؤلفون: Lee, Cheng-Chi, Chen, Shun-Der, Chen, Chin-Ling
المصدر: Applied Mathematics & Information Sciences
مصطلحات موضوعية: Authentication, key exchange, password, password guessing attacks, three-party encrypted key exchange. 1. Introduction In Internet, two communicating parties can communicate each other securely by using conventional symmetric-key cryptosystems such as the AES [19]. The two parties have a common session key to encrypt and decrypt their communicated messages by using symmetric-key cryptosystem. However, how do two parties securely obtain the common session key between them? This can be solved by using Diffie-Hellman key exchange protocol [7]. In 1992, Bellovin and Merritt firstly proposed an encrypted key exchange (EKE) family of key exchange protocols [2]. It is a password-based authentication and key agreement protocol. Two advantages of EKE are: (1) the communicating parties can use an easy-to-remember password to authenticate each other without being threatened by dictionary attacks [17], (2) the communicating parties can share a common session key to encrypt and decrypt confidential messages. In a large communication environment, EKE is unpractical because every two parties should share a password previously. If there are one thousand parties to communicate in this environment, each party should hold 999 passwords for EKE. Hence, an extension to EKE is proposed to enhance its practicality. The extension is called three-party encrypted key exchange protocol (3PEKE) in which a participant is allowed to share only one easy-toremember password with a trusted server such that two participants can negotiate a common session key to communicate with each other secretly [3, 10]. It can provide confidential communications between two participants over an insecure network. In 3PEKE, each party only holds himself/herself password. 1.1. Related Work Since the 3PEKE is based on password authentication, protecting the low-entropy password from guessing attacks is crucial for password-based authentication schemes [15, 23]. Ding and Horster introduced three possible types of guessing attacks as follows: (1) detectable on-line password guessing attacks, (2) undetectable on-line password guessing attacks, and (3) off-line password guessing attacks. Among the three classes, off-line password guessing attacks is the most critical ones [8]. The proposed 3PEKE ¤ Corresponding author: e-mail: ryanchen@lins.fju.edu.tw c° 2012 NSP Natural Sciences Publishing Cor.
Time: 5
وصف الملف: application/pdf
Relation: https://digitalcommons.aaru.edu.jo/amis/vol06/iss3/27; https://digitalcommons.aaru.edu.jo/cgi/viewcontent.cgi?article=1078&context=amis