International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Enhanced password-based key establishment protocol

Authors:
Qiang Tang
Chris J. Mitchell
Download:
URL: http://eprint.iacr.org/2005/141
Search ePrint
Search Google
Abstract: In this paper we analyse a password-based authenticated key establishment protocol due to Laih, Ding and Huang, which enables a user to authenticate himself to a server and negotiate a shared session key. This protocol is also designed to guarantee that a human being is actually involved in an ongoing protocol execution. However we show that the protocol suffers from offline dictionary attacks. We propose an enhanced password-based authenticated key establishment protocol which is secure against offline dictionary attacks, and that possesses an additional feature guaranteeing that a user is involved in each protocol execution.
BibTeX
@misc{eprint-2005-12477,
  title={Enhanced password-based key establishment protocol},
  booktitle={IACR Eprint archive},
  keywords={key agreement, password guessing attacks, authentication},
  url={http://eprint.iacr.org/2005/141},
  note={ qiang.tang@rhul.ac.uk 12949 received 10 May 2005, last revised 15 Jun 2005},
  author={Qiang Tang and Chris J. Mitchell},
  year=2005
}