A Security Analysis of Zhao and Gu's Key Exchange Protocol

Security Analysis of the Key Exchange Protocol Proposed by Zhao and Gu

  • Nam, Jung-Hyun (Dept. of Computer Engineering, Konkuk University)
  • Paik, Ju-Ryon (Dept. of Computer Engineering, Sungkyunkwan University)
  • Lee, Young-Sook (Dept. of Cyber Investigation Police, Howon University)
  • Won, Dong-Ho (Dept. of Computer Engineering, Sungkyunkwan University)
  • Received : 2012.07.05
  • Accepted : 2012.09.03
  • Published : 2012.09.30

Abstract

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed for settings where user authentication is done with passwords. While passwords are easy for human beings to remember, they have low entropy and are thus subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu's protocol was claimed to be provably secure in a formal adversarial model that captures the leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that, contrary to the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu's proof of security for the protocol is invalid.

Key exchange protocols are an essential component for establishing a secure communication channel over a public network. In particular, a password-based key exchange protocol must be designed so that user authentication is performed with a password and the key exchange is then carried out securely on that basis. However, while passwords are easy for humans to remember, they have low entropy and are therefore easily exposed to dictionary attacks. Recently, Zhao and Gu proposed a new password-based key exchange protocol that requires the assistance of a server. They claimed that their protocol is provably secure even in an adversary model that accounts for the exposure of ephemeral secret keys. In this paper, we show through a replay attack on Zhao and Gu's protocol that, contrary to the authors' claim, the protocol is not secure when ephemeral secret keys are exposed. Our result implies that the security proof given by Zhao and Gu does not hold.

References

  1. S. Bellovin and M. Merritt, "Encrypted key exchange: password-based protocols secure against dictionary attacks," in Proceedings of IEEE Symposium on Research in Security and Privacy, pp. 72-84, 1992.
  2. M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated key exchange secure against dictionary attacks," in Proceedings of Eurocrypt'00, LNCS vol. 1807, pp. 139-155, 2000.
  3. V. Boyko, P. MacKenzie, and S. Patel, "Provably secure password-authenticated key exchange using Diffie-Hellman," in Proceedings of Eurocrypt'00, LNCS vol. 1807, pp. 156-171, 2000.
  4. M. Zhang, "New approaches to password authenticated key exchange based on RSA," in Proceedings of Asiacrypt'04, LNCS vol. 3329, pp. 230-244, 2004.
  5. M. Abdalla and D. Pointcheval, "Simple password-based encrypted key exchange protocols," in Proceedings of CT-RSA'05, LNCS vol. 3376, pp. 191-208, 2005.
  6. J. Katz, R. Ostrovsky, and M. Yung, "Efficient and secure authenticated key exchange using weak passwords," Journal of the ACM, vol. 57, no. 1, pp. 78-116, 2009.
  7. J. Katz and V. Vaikuntanathan, "Round-optimal password-based authenticated key exchange," in Proceedings of TCC'11, LNCS vol. 6597, pp. 293-310, 2011.
  8. M. Steiner, G. Tsudik, and M. Waidner, "Refinement and extension of encrypted key exchange," ACM SIGOPS Operating Systems Review, vol. 29, no. 3, pp. 22-30, 1995. https://doi.org/10.1145/206826.206834
  9. C. Lin, H. Sun, and T. Hwang, "Three-party encrypted key exchange: attacks and a solution," ACM SIGOPS Operating Systems Review, vol. 34, no. 4, pp. 12-20, 2000. https://doi.org/10.1145/506106.506108
  10. M. Abdalla, P. Fouque, and D. Pointcheval, "Password-based authenticated key exchange in the three-party setting," in Proceedings of PKC'05, LNCS vol. 3386, pp. 65-84, 2005.
  11. R. Lu and Z. Cao, "Simple three-party key exchange protocol," Computers & Security, vol. 26, no. 1, pp. 94-97, 2007. https://doi.org/10.1016/j.cose.2006.08.005
  12. K. Yoneyama, "Efficient and strongly secure password-based server aided key exchange," in Proceedings of Indocrypt'08, LNCS vol. 5365, pp. 172-184, 2008.
  13. J. Steiner, C. Neuman, and J. Schiller, "Kerberos: an authentication service for open network systems," in Proceedings of 1998 USENIX Winter Conference, pp. 191-202, 1998.
  14. J. Zhao and D. Gu, "Provably secure three-party password-based authenticated key exchange protocol," Information Sciences, vol. 184, no. 1, pp. 310-323, 2012. https://doi.org/10.1016/j.ins.2011.07.015
  15. D. Cash, E. Kiltz, and V. Shoup, "The twin Diffie-Hellman problem and applications," in Proceedings of Eurocrypt'08, LNCS vol. 4965, pp. 127-145, 2008.
  16. M. Bellare and P. Rogaway, "Random oracles are practical: A paradigm for designing efficient protocols," in Proceedings of 1st ACM Conference on Computer and Communications Security, pp. 62-73, 1993.
  17. R. Canetti and H. Krawczyk, "Analysis of key-exchange protocols and their use for building secure channels," in Proceedings of Eurocrypt'01, LNCS vol. 2045, pp. 453-474, 2001.
  18. J. Nam, J. Paik, U. Kim, and D. Won, "Resource-aware protocols for authenticated group key exchange in integrated wired and wireless networks," Information Sciences, vol. 177, no. 23, pp. 5441-5467, 2007. https://doi.org/10.1016/j.ins.2007.06.002
  19. K. Choo, C. Boyd, Y. Hitchcock, and G. Maitland, "On session identifiers in provably secure protocols," in Proceedings of 4th Conference on Security in Communication Networks, LNCS vol. 3352, pp. 351-366, 2005.