Cryptanalysis of the improved authenticated key agreement protocol

1
Cryptanalysis of the improved authenticated key
agreement protocol

• Author Ting-Yi Chang, Chou-Chan Yang, Ya-Wen
  Yang
• Source Applied mathematics and computation, vol.
  171,
• pp.771-774, 2005
• Speaker Feng-Chih Hsu
• Date 2005/12/13

2
Outline

• Introduction
• Review of Hsu et al.s scheme
• The off-line password guessing attack
• Conclusion

3
Introduction

1. To strengthen Diffie-Hellman scheme, Seo and
   Sweeney proposed a simple key agreement protocol
   in 1999.
2. Later, Ku and Wang proposed a more efficient
   scheme in 2000.
3. In 2003, Hsu et al. pointed out the Ku-Wang
   scheme suffers from the modification attack. They
   also proposed an improvement.
4. In this article, the authors point out the Hsu et
   al. scheme is vulnerable by the off-line password
   guessing attack.

4
Some notations

• A, B two communicating parties
• C an attacker
• idA, idB the identities of A and B
• P the pre-shared common password
• Q an integer computed from P
• n a large prime number
• g a generator with the order n-1
• H(.) a one-way hash function
• a, b two random numbers

5
Review of Hsu et al.s scheme (1/2)

• The key establishment phase

6
Review of Hsu et al.s scheme (2/2)

• The key validation phase

7
The off-line password guessing attack

• The attacker C, who pretends to be B

8
The off-line password guessing attack
9
Conclusion

• People find password difficult to use long random
  stringsrather, they prefer natural language
  phrases that they con recognize easily.
• In this article, we have presented the off-line
  password guessing attack to subvert the security
  of Hsu et al.s scheme.