DOI QR코드

DOI QR Code

Advanced Modification 공격에 안전한 패스워드 기반 키 동의 프로토콜

Password-based Authenticated Key Agreement Protocol Secure Against Advanced Modification Attack

  • 곽진 (성균관대학교 대학원 정보통신공학부) ;
  • 오수현 (호서대학교 컴퓨터공학부) ;
  • 양형규 (강남대학교 컴퓨터미디어공학부) ;
  • 원동호 (성균관대학교 정보통신공학부)
  • 발행 : 2004.06.01

초록

사용자의 인증기술로 패스워드를 기반으로 하는 메커니즘이 널리 사용되고 있다. 패스워드를 기반으로 하는 메커니즘은 사용자들이 기억하기 쉬운 패스워드를 선택하여 사용하는 경우가 대부분이므로 패스워드 추측 공격(password guessing attack)에 취약하다는 문제점이 있다. 이러한 패스워드 추측 공격을 방지하기 위해 많은 키 분배 프로토콜이 제안되고 있으며, 최근 Seo-Sweeny는 패스워드를 기반으로 하는 인증키 동의(SAKA Simple Authenticated Key Agreement) 프로토콜을 제안하였다. 본 논문에서는 먼저, 패스워드를 기반으로 하는 SAKA 프로토콜과 이를 개선한 방식들의 키 설정 및 키 확인 과정을 살펴보고, 각각의 프로토콜이 본 논문에서 정의한 Advanced Modification 공격에 대해 취약함을 보인다. 그리고 Advanced Modification 공격에 대해 안전한 패스워드 기반 인증 키 동의 프로토콜을 제안한다.

Password-based mechanism is widely used methods for user authentication. Password-based mechanisms are using memorable passwords(weak ferrets), therefore Password-based mechanism are vulnerable to the password guessing attack. To overcome this problem, man password-based authenticated key exchange protocols have been proposed to resist password guessing attacks. Recently, Seo-Sweeny proposed password-based Simple Authenticated Key Agreement(SAKA) protocol. In this paper, first, we will examine the SAKA and authenticated key agreement protocols, and then we will show that the proposed simple authenticated key agreement protocols are still insecure against Advanced Modification Attack. And we propose a password-based Simple Authenticated Key Agreement Protocol secure against Advanced Modification Attack.

키워드

참고문헌

  1. W. Diffie and M. E. Hellman, 'New Directions in cryptography,' IEEE Transaction on Information Theory, IT-22, 6, pp.644-654, 1976 https://doi.org/10.1109/TIT.1976.1055638
  2. R. Rivest, A. Shamir and L. Adleman, 'A method of obtaining digital signature and public key cryptosystem,' ACM Communication, Vol.21, No.2, pp.120-126, 1978 https://doi.org/10.1145/359340.359342
  3. T. ElGamal, 'A public key crytosystem and a signature scheme based on discrete logarithms,' IEEE Transaction on Information Theory, Vol.31, pp.469-472, 1985 https://doi.org/10.1109/TIT.1985.1057074
  4. S. Bellovin and M. Meritt, 'Encrypted key exchange : password-based protocols secure against dictionary attacks,' IEEE Symposium on Research in Security and Privacy, pp.72-84, 1992 https://doi.org/10.1109/RISP.1992.213269
  5. S. Bellovin and M. Meritt, 'Augmented encrypted key exchange : a password-based protocol secure against dictionary attacks and password-file compromised,' ACM Conf. on Computer and Communications Security, pp.244-250, 1993 https://doi.org/10.1145/168588.168618
  6. M. Boyarsky, 'Public-key cryptography and password protocols : the multi user case,' ACM Conf. on Computer and Communications Security, 1999 https://doi.org/10.1145/319709.319719
  7. V. Boyko, P. MacKenzie and S. Patel, 'Provably secure password authenticated key exchange using Diffie-Hellman,' Eurocrypt 00, pp. 156-171, 2000
  8. M. Bellare, D. Pointcheval and P. Rogaway, 'Authenticated Key Exchange secure against Dictionary Attacks,' Eurocrypt 00, pp.139-155, 2000
  9. D. H. Seo and P. Sweeny, 'Simple authenticated key agreement algorithm,' Electronics Letters, Vol.35, No.13, pp.1073-1074, 1999 https://doi.org/10.1049/el:19990724
  10. Y. M. Tseng, 'Weakness in simple authen-ticated key agreement protocol,' Electronics Letters, Vol.36, No.1, pp.48-49, 2000 https://doi.org/10.1049/el:20000112
  11. W. C. Ku and Wang, 'Cryptanaysis of modified authenticated key agreement protocol,' Electronics Letters, Vol.36, No.21, pp.1770-1771, 2000 https://doi.org/10.1049/el:20001269
  12. I. C. Lin, C. C. Chang;M. S. Hwang, 'Security enhancement for the simple authentication key agreement algorithm,' 24th Annual International Computer Software and Application Conference, pp.113-115, 2000 https://doi.org/10.1109/CMPSAC.2000.884699