0% Complete
فارسی
Home
/
پانزدهمین کنفرانس بین المللی فناوری اطلاعات و دانش
Cryptanalysis of two password authenticated key exchange schemes
Authors :
Mohammad Ali Poorafsahi
1
Hamid Mala
2
1- دانشگاه اصفهان
2- دانشگاه اصفهان
Keywords :
Authentication،EKE،Key Exchange،LWE،PAKE،assword guessing attack
Abstract :
In the realm of password authenticated key exchange (PAKE) protocols, security and efficiency are of greatest importance. This article examines two modern PAKE schemes: the RLWE-SRP, a quantum-safe variant of the Secure Remote Password (SRP) protocol, and the ID-PAKE-PFS, an identity-based Password Authentication and Key Establishment scheme. Our analysis reveals specific vulnerabilities in both protocols: RLWE-SRP is susceptible to Denial of Service (DoS) attacks due to the lack of initial message validation, while ID-PAKE-PFS is vulnerable to password guessing attacks due to the inclusion of identities in ciphertexts. To address these vulnerabilities, we propose modifications for each of them: (1) For RLWE-SRP, we introduce a hash-based validation step in the authentication phase to verify the authenticity of initial messages. (2) For ID-PAKE-PFS, we suggest slight modification in how ciphertexts are calculated to prevent attackers from verifying password guesses. These modifications effectively strengthen both protocols against their respective vulnerabilities while maintaining their core functionalities in both classical and post-quantum environments.
Papers List
List of archived papers
A Community-Based Method for Identifying Influential Nodes using Network Embedding
Nargess Vafaei - Dr Mohammad Reza Keyvanpour
Non-Linear Control of Cancer Model, Considering the Drug Resistance Using Feedback Based Chemotherapy Approach
Danial Kiaei - Hami Tourajizadeh
Using Deconvolutional Variational Autoencoder for Answer Selection in Community Question Answering
Golshan Afzali Boroujeni - Heshaam Faili
AI-Powered Beauty Insights: Sentiment Analysis in a Low-Resource Language
Sajedeh Talebi - Neda Abdolvand - Fatemeh Mahdian
طبقهبندی ترافیک رمز مبتنی بر یادگیری ماشین
افسانه معدنی - شقایق نادری - حسین قرایی
Evaluating LLMs in Persian News Summarization
Arya VarastehNezhad - Reza Tavasoli - Mostafa Masumi - Seyed Soroush Majd - Mehrnoush Shamsfard
Spatial On–Off Keying Modulation with Mirror-Array Optical IRSs for Indoor Machine-to-Machine Visible Light Communication
Babak Sadeghi - Seyed Mohammad Sajad Sadough
LLM-Driven Feature Extraction for Stock Market Prediction: A case study of Tehran Stock Exchange
Siavash Hosseinpour Saffarian - Saman Haratizadeh
بهبود تشخیص نفوذ به شبکه اینترنت اشیاء با استفاده از مدل ترکیبی الگوریتم های بهینهسازی ازدحام ذرات، گرگ خاکستری و جنگل تصادفی
مهدی علیرضانژاد - عمار عبیس حسین المعموری
Kalman Filter–Based Anomaly Detection for User Authentication Failures in Enterprise Logs
Somayeh Soltani - Hossein Nikdel
more
Samin Hamayesh - Version 42.5.2