کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
465916 | 697730 | 2015 | 11 صفحه PDF | دانلود رایگان |
A password-based authenticated key agreement enables several parties to establish a shared cryptographically strong key over a public unreliable and insecure network using short low-entropy passwords. This authenticated key agreement is definitely required even in Internet of Things (IoT) environments, since no additional device is required. There are only few proposals reported in literature for password-based explicit authenticated key agreement (EAKA). Recently, Zheng et al. proposed a 3-round password-based EAKA protocol. In this paper, we reveal that their protocol is vulnerable to impersonation attack, and the used security definition is not formally treated. We then formalize the security definition of two-party password-based EAKA protocol and improve the construction of Zheng et al. to eliminate its security vulnerabilities. The security of the proposal is formally proved using a new security model.
Journal: Pervasive and Mobile Computing - Volume 24, December 2015, Pages 50–60