Analysis and improvement on a new three-party password-based authenticated key agreement protocol

doi:10.3724/SP.J.1087.2011.02994

Journal of Computer Applications ›› 2011, Vol. 31 ›› Issue (11): 2994-2996.DOI: 10.3724/SP.J.1087.2011.02994

• Information security • Previous Articles Next Articles

Analysis and improvement on a new three-party password-based authenticated key agreement protocol

ZHOU Si-fang

Computer Department, Yongzhou Vocational Technology College, Yongzhou Hunan 425000, China

Received:2011-04-08 Revised:2011-06-22 Online:2011-11-16 Published:2011-11-01
Contact: ZHOU Si-fang

一种新的双方认证密钥协商协议的安全性分析

周四方

永州职业技术学院计算机系，湖南永州 425000

通讯作者: 周四方
作者简介:周四方(1974-)，男，湖南永州人，讲师，主要研究方向：数据库、计算机网络安全。

Abstract

Abstract: In 2010, Z. Mohammad proposed a new two-party authenticated key agreement protocol (MOHAMMAD Z, CHEN Y, HSU C, et al. Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols. IETE Technical Review, 2010,27(3):252-65). This protocol realizes the key agreement with higher computation efficiency. However, the one-round version of this protocol cannot resist on the loss of information impersonation attack, key compromise impersonation attack and general impersonation attack, this protocol is also vulnerable to man-in-the-middle attack if some security information is lost. These security problems allow the adversary can initiate or reply the protocol with legal participants.

Key words: information security, key agreement, impersonation attack, authentication mechanism

摘要： 2010年，Mohammad等人提出了一种新的双方认证密钥协商协议(MOHAMMAD Z, CHEN Y, HSU C, et al. Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols. IETE Technical Review, 2010,27(3):252-65)。新协议以较高的运算效率实现了参与者双方的身份认证和密钥协商。对该协议的单轮版本进行了安全性分析，通过模拟协议中某些信息丢失后协议双方的通信过程，发现如果协议中的一些秘密信息丢失，敌手可以发起信息泄露伪装攻击、密钥泄露伪装攻击和一般定义下的伪装攻击，也无法抵抗中间人攻击。这些攻击都可以使得敌手冒充合法参与者发起或回应会话。

关键词: 信息安全, 密钥协商, 伪装攻击, 认证机制

ZHOU Si-fang. Analysis and improvement on a new three-party password-based authenticated key agreement protocol[J]. Journal of Computer Applications, 2011, 31(11): 2994-2996.

周四方. 一种新的双方认证密钥协商协议的安全性分析[J]. 计算机应用, 2011, 31(11): 2994-2996.

[1]	Shaochen HAO, Zizuan WEI, Yao MA, Dan YU, Yongle CHEN. Network intrusion detection model based on efficient federated learning algorithm [J]. Journal of Computer Applications, 2023, 43(4): 1169-1175.
[2]	Hongliang TIAN, Ping GE, Mingjie XIAN. Distribution network operation exception management mechanism based on blockchain [J]. Journal of Computer Applications, 2023, 43(11): 3504-3509.
[3]	Zexi WANG, Minqing ZHANG, Yan KE, Yongjun KONG. Reversible data hiding algorithm in encrypted domain based on secret image sharing [J]. Journal of Computer Applications, 2022, 42(5): 1480-1489.
[4]	Shengwei XU, Jie KANG. Multiparty quantum key agreement protocol based on logical single particle [J]. Journal of Computer Applications, 2022, 42(1): 157-161.
[5]	MA Hua, CHEN Yuepeng, TANG Wensheng, LOU Xiaoping, HUANG Zhuoxuan. Survey of research progress on crowdsourcing task assignment for evaluation of workers’ ability [J]. Journal of Computer Applications, 2021, 41(8): 2232-2241.
[6]	DU Xinyu, WANG Huaqun. Dynamic group based effective identity authentication and key agreement scheme in LTE-A networks [J]. Journal of Computer Applications, 2021, 41(6): 1715-1722.
[7]	Ping ZHANG, Yiqiao JIA, Jiechang WANG, Nianfeng SHI. Three-factor anonymous authentication and key agreement protocol [J]. Journal of Computer Applications, 2021, 41(11): 3281-3287.
[8]	YANG Jianxi, ZHANG Yuanli, JIANG Hua, ZHU Xiaochen. Detection method of physical-layer impersonation attack based on deep Q-network in edge computing [J]. Journal of Computer Applications, 2020, 40(11): 3229-3235.
[9]	XIAO Kai, WANG Meng, TANG Xinyu, JIANG Tonghai. Public welfare time bank system based on blockchain technology [J]. Journal of Computer Applications, 2019, 39(7): 2156-2161.
[10]	LIU Xindong, XU Shuishuai, CHEN Jianhua. Authentication scheme for smart grid communication based on elliptic curve cryptography [J]. Journal of Computer Applications, 2019, 39(3): 779-783.
[11]	LUO Xiaofeng, YANG Xingchun, HU Yong. Improved decision diagram for attribute-based access control policy evaluation and management [J]. Journal of Computer Applications, 2019, 39(12): 3569-3574.
[12]	CAO Zhenhuan, CAI Xiaohai, GU Menghe, GU Xiaozhuo, LI Xiaowei. Android permission management and control scheme based on access control list mechanism [J]. Journal of Computer Applications, 2019, 39(11): 3316-3322.
[13]	LI Zhaobin, LI Weilong, WEI Zhanzhen, LIU Mengtian. Research and implementation of key module of data security processing mechanism in software defined network [J]. Journal of Computer Applications, 2018, 38(7): 1929-1935.
[14]	WANG Songwei, CHEN Jianhua. Multi-factor authentication key agreement scheme based on chaotic mapping [J]. Journal of Computer Applications, 2018, 38(10): 2940-2944.
[15]	LUO Xiaoshuang, YANG Xiaoyuan, WANG Xu'an. A private set intersection protocol against malicious attack [J]. Journal of Computer Applications, 2017, 37(6): 1593-1598.

Analysis and improvement on a new three-party password-based authenticated key agreement protocol

一种新的双方认证密钥协商协议的安全性分析

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics