Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (10): 101-105.

• 网络、通信、安全 • Previous Articles     Next Articles

Security analysis of two password-authenticated key exchange protocol for three-party

DENG Shaofeng,DENG Fan,LI Yifa   

  1. Institute of Information Engineering,Information Engineering University,Zhengzhou 450002,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-04-01 Published:2011-04-01

两个三方口令密钥交换协议的安全性分析

邓少锋,邓 帆,李益发   

  1. 信息工程大学 信息工程学院,郑州 450002

Abstract: This paper first presents the security analysis of two verifier-based password-authenticated key exchange protocols for three-party and points out that they are both insecure.Thereinto,the LZC protocol can not resist server compromise attack,unknown key-share attack,insider attack and undetectable on-line dictionary attack;the LWZ protocol can not resist unknown key-share attack,insider attack and replay attack.Then,this paper gives an improvement of the LWZ protocol to gain a new protocol—NLWZ protocol.Lastly,under the DDH assumption,the detailed security proof of NLWZ protocol is presented.Compared with previous protocols,NLWZ protocol has lower communication and computation,so it can have higher potential application.

Key words: key exchange for three-party, password-based authentication, verifier-based, bilinear pairs

摘要: 首先对两个基于验证元的三方口令密钥交换协议进行了安全性分析,指出它们都是不安全的。其中,LZC协议不能抵抗服务器泄露攻击、未知密钥共享攻击、内部人攻击和不可发现字典攻击;LWZ协议不能抵抗未知密钥攻击、内部人攻击和重放攻击。对LWZ协议进行了改进,以弥补原LWZ协议的安全漏洞。最后,在DDH假设下,给出了改进协议(NLWZ协议)的安全性证明。与已有协议相比,NLWZ协议降低了计算和通信开销,其潜在的实用性更强。

关键词: 三方密钥交换, 基于口令验证, 基于验证元, 双线性对