0% Complete
فارسی
Home
/
پانزدهمین کنفرانس بین المللی فناوری اطلاعات و دانش
Cryptanalysis of two password authenticated key exchange schemes
Authors :
Mohammad Ali Poorafsahi
1
Hamid Mala
2
1- دانشگاه اصفهان
2- دانشگاه اصفهان
Keywords :
Authentication،EKE،Key Exchange،LWE،PAKE،assword guessing attack
Abstract :
In the realm of password authenticated key exchange (PAKE) protocols, security and efficiency are of greatest importance. This article examines two modern PAKE schemes: the RLWE-SRP, a quantum-safe variant of the Secure Remote Password (SRP) protocol, and the ID-PAKE-PFS, an identity-based Password Authentication and Key Establishment scheme. Our analysis reveals specific vulnerabilities in both protocols: RLWE-SRP is susceptible to Denial of Service (DoS) attacks due to the lack of initial message validation, while ID-PAKE-PFS is vulnerable to password guessing attacks due to the inclusion of identities in ciphertexts. To address these vulnerabilities, we propose modifications for each of them: (1) For RLWE-SRP, we introduce a hash-based validation step in the authentication phase to verify the authenticity of initial messages. (2) For ID-PAKE-PFS, we suggest slight modification in how ciphertexts are calculated to prevent attackers from verifying password guesses. These modifications effectively strengthen both protocols against their respective vulnerabilities while maintaining their core functionalities in both classical and post-quantum environments.
Papers List
List of archived papers
طراحی و کنترل تطبیقی اورتز رباتیک پایین تنه با استفاده کنترلر منطقی قابل برنامه ریزی و رابط انسان با ماشین
فرهاد عظیمی فر - ستایش کرمی - نیایش امینی
بکارگیری الگوریتم بهینه سازی فاخته و منطق فازی به منظور بهبود زمانبندی وظایف در محیط محاسبات مه
فاطمه دوامی - حمید جلیلوند - فاطمه نجفی
تخلیهبار محاسباتی ریزدانه تحرکآگاه در رایانش لبه برای اینترنت اشیاء
شکوفه نوروزی - دکتر زینب موحدی شکوفه نوروزی - زینب موحدی -
Enhancing Supervised Learning in Speech Emotion Recognition through Unsupervised Representations
Niloufar Faridani - Amirali Soltani Tehrani - Ramin Toosi
Leveraging Retrieval-Augmented Generation for Persian University Knowledge Retrieval
Arshia Hemmat - Mohammad Hassan Heydari - Kianoosh Vadaei - Afsaneh Fatemi
Classical-Quantum Multiple Access Wiretap Channel with Common Message: One-shot Rate Region
Hadi Aghaee - Dr Bahareh Akhbari
Smart City Standardized Evaluation :Use Case of Mashhad
Dr ُSeyed Mohammadreza Mirsarraf - Dr Alireza Yari - Dr Navid Zohdi - Ali Motevalizadeh
سیستم پیشنهاددهنده غذای سالم با استفاده از داده کاوی عادت های تغذیه ای کاربران
محمد عباسی - مریم حسینی پزوه - محمدرضا شمس
Classification and Evaluation of Privacy Preserving Data Mining Methods
Negar Nasiri - Mohammadreza Keyvanpour
LuckyAgent2022: A Stop-Learning Multi-Armed Bandit Automated Negotiating Agent
Arash Ebrahimnezhad - Faria Nassiri-Mofakham
more
Samin Hamayesh - Version 41.3.1