International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Enhancing Security of a Group Key Exchange Protocol for Users with Individual Passwords

Authors:
Junghyun Nam
Download:
URL: http://eprint.iacr.org/2007/166
Search ePrint
Search Google
Abstract: Group key exchange protocols allow a group of parties communicating over a public network to come up with a common secret key called a session key. Due to their critical role in building secure multicast channels, a number of group key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called EKE-M protocol proposed by Byun and Lee for password-based group key exchange in the different password authentication model, where group members are assumed to hold an individual password rather than a common password. While the announcement of the EKE-M protocol was essential in the light of the practical significance of the different password authentication model, Tang and Chen showed that the EKE-M protocol itself suffers from an undetectable on-line dictionary attack. Given Tang and Chen's attack, Byun et al.~have recently suggested a modification to the EKE-M protocol and claimed that their modification makes EKE-M resistant to the attack. However, the claim turned out to be untrue. In the current paper, we demonstrate this by showing that Byun et al.'s modified EKE-M is still vulnerable to an undetectable on-line dictionary attack. Besides reporting our attack, we also figure out what has gone wrong with Byun et al.'s modification and how to fix it.
BibTeX
@misc{eprint-2007-13448,
  title={Enhancing Security of a Group Key Exchange Protocol for Users with Individual Passwords},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / Group key exchange, password-based authentication, undetectable on-line dictionary attack},
  url={http://eprint.iacr.org/2007/166},
  note={ jhnam@kku.ac.kr 13639 received 6 May 2007},
  author={Junghyun Nam},
  year=2007
}