Security

Cryptanalysis of a Provably Secure Gateway-Oriented Password-Based Authenticated Key Exchange Protocol

Download Now Free registration required

Executive Summary

Recently, Chien et al. proposed a Gateway-oriented Password-based Authenticated Key Exchange (GPAKE) protocol, through which a client and a gateway could generate a session key for future communication with the help of an authentication server. The authors also described that their scheme is provably secure in a formal model. However, in this paper, they will show that Chien et al.'s protocol is vulnerable to the off-line password guessing attack. To overcome the weakness, they also propose an efficient countermeasure.

  • Format: PDF
  • Size: 124.2 KB