Authenticated key exchange protocols resistant to password guessing attacks

Research output: Contribution to journalArticle

22 Citations (Scopus)

Abstract

A user-chosen password is not appropriate for a shared secret by which an authenticated key exchange protocol is operated. This is because users choose their passwords so that they can be easily memorised and can be typed using an alphabetic keyboard or a numeric keypad. Therefore, the password becomes a weak secret which is vulnerable to guessing attacks. However, users prefer to utilise the short easily memorised passwords. Several protocols, which are resistant to guessing attacks, have been developed to overcome this problem. However, they are inefficient in terms of the computation and communication costs. As a more practical solution, the authors propose new authenticated key exchange protocols by reducing the number of random numbers, cipher operations, and protocol steps. To achieve this goal, they deliberately use a one-time pad and a strong oneway hash function in their protocols.

Original languageEnglish
Pages (from-to)304-308
Number of pages5
JournalIEE Proceedings: Communications
Volume145
Issue number5
DOIs
Publication statusPublished - 1998 Jan 1

Fingerprint

Computer keyboards
Hash functions
Ion exchange
Communication
Costs

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Cite this

@article{e7df2aa90ae44951b10310a5c7d9dfb9,
title = "Authenticated key exchange protocols resistant to password guessing attacks",
abstract = "A user-chosen password is not appropriate for a shared secret by which an authenticated key exchange protocol is operated. This is because users choose their passwords so that they can be easily memorised and can be typed using an alphabetic keyboard or a numeric keypad. Therefore, the password becomes a weak secret which is vulnerable to guessing attacks. However, users prefer to utilise the short easily memorised passwords. Several protocols, which are resistant to guessing attacks, have been developed to overcome this problem. However, they are inefficient in terms of the computation and communication costs. As a more practical solution, the authors propose new authenticated key exchange protocols by reducing the number of random numbers, cipher operations, and protocol steps. To achieve this goal, they deliberately use a one-time pad and a strong oneway hash function in their protocols.",
author = "Taekyoung Kwon and Song, {Joo Seok}",
year = "1998",
month = "1",
day = "1",
doi = "10.1049/ip-com:19982282",
language = "English",
volume = "145",
pages = "304--308",
journal = "IEE Proceedings: Communications",
issn = "1350-2425",
publisher = "Institute of Electrical Engineers",
number = "5",

}

Authenticated key exchange protocols resistant to password guessing attacks. / Kwon, Taekyoung; Song, Joo Seok.

In: IEE Proceedings: Communications, Vol. 145, No. 5, 01.01.1998, p. 304-308.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Authenticated key exchange protocols resistant to password guessing attacks

AU - Kwon, Taekyoung

AU - Song, Joo Seok

PY - 1998/1/1

Y1 - 1998/1/1

N2 - A user-chosen password is not appropriate for a shared secret by which an authenticated key exchange protocol is operated. This is because users choose their passwords so that they can be easily memorised and can be typed using an alphabetic keyboard or a numeric keypad. Therefore, the password becomes a weak secret which is vulnerable to guessing attacks. However, users prefer to utilise the short easily memorised passwords. Several protocols, which are resistant to guessing attacks, have been developed to overcome this problem. However, they are inefficient in terms of the computation and communication costs. As a more practical solution, the authors propose new authenticated key exchange protocols by reducing the number of random numbers, cipher operations, and protocol steps. To achieve this goal, they deliberately use a one-time pad and a strong oneway hash function in their protocols.

AB - A user-chosen password is not appropriate for a shared secret by which an authenticated key exchange protocol is operated. This is because users choose their passwords so that they can be easily memorised and can be typed using an alphabetic keyboard or a numeric keypad. Therefore, the password becomes a weak secret which is vulnerable to guessing attacks. However, users prefer to utilise the short easily memorised passwords. Several protocols, which are resistant to guessing attacks, have been developed to overcome this problem. However, they are inefficient in terms of the computation and communication costs. As a more practical solution, the authors propose new authenticated key exchange protocols by reducing the number of random numbers, cipher operations, and protocol steps. To achieve this goal, they deliberately use a one-time pad and a strong oneway hash function in their protocols.

UR - http://www.scopus.com/inward/record.url?scp=0032182009&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0032182009&partnerID=8YFLogxK

U2 - 10.1049/ip-com:19982282

DO - 10.1049/ip-com:19982282

M3 - Article

AN - SCOPUS:0032182009

VL - 145

SP - 304

EP - 308

JO - IEE Proceedings: Communications

JF - IEE Proceedings: Communications

SN - 1350-2425

IS - 5

ER -