0% Complete
English
صفحه اصلی
/
پانزدهمین کنفرانس بین المللی فناوری اطلاعات و دانش
Cryptanalysis of two password authenticated key exchange schemes
نویسندگان :
Mohammad Ali Poorafsahi
1
Hamid Mala
2
1- دانشگاه اصفهان
2- دانشگاه اصفهان
کلمات کلیدی :
Authentication،EKE،Key Exchange،LWE،PAKE،assword guessing attack
چکیده :
In the realm of password authenticated key exchange (PAKE) protocols, security and efficiency are of greatest importance. This article examines two modern PAKE schemes: the RLWE-SRP, a quantum-safe variant of the Secure Remote Password (SRP) protocol, and the ID-PAKE-PFS, an identity-based Password Authentication and Key Establishment scheme. Our analysis reveals specific vulnerabilities in both protocols: RLWE-SRP is susceptible to Denial of Service (DoS) attacks due to the lack of initial message validation, while ID-PAKE-PFS is vulnerable to password guessing attacks due to the inclusion of identities in ciphertexts. To address these vulnerabilities, we propose modifications for each of them: (1) For RLWE-SRP, we introduce a hash-based validation step in the authentication phase to verify the authenticity of initial messages. (2) For ID-PAKE-PFS, we suggest slight modification in how ciphertexts are calculated to prevent attackers from verifying password guesses. These modifications effectively strengthen both protocols against their respective vulnerabilities while maintaining their core functionalities in both classical and post-quantum environments.
لیست مقالات
لیست مقالات بایگانی شده
To Kill a Mockingbird: Cryptanalysis of an Authenticated Key Exchange Scheme for Drones
Neda Toghraee - Hamid Mala
یک روش خوشه بندی گره ها برای شبکه های حسگر بیسیم با هدف بهبود متوازن سازی بار مبتنی بر تکنیک تاپسیس
راضیه حسین رضایی - فهیمه یزدان پناه
An efficient hybrid approach for performance-based alternative design evaluation in systems engineering
Abbas Chaman Para - Maryam Nooraei Abadeh - Sondos Bahadori
Investigating the impact of management information systems (MIS) on organizational transparency with an emphasis on work ethics
Sadegh Balouch - Omid mehdi Ebadati
Benchmarking Embedding Models for Persian-Language Semantic Information Retrieval
Mahmood Kalantari - Mehdi Feghhi - Nasser Mozayani
STANet: Spatio-Temporal Attention-Enhanced WaveNet for Crime Hotspot Prediction
Rojan Roshankar - Mohammad Reza Keyvanpour
یک روش کارآمد جهت تشخیص آنلاین حملات DRDoS به سرویس های مبتنی بر UDP درمعماری SDN با استفاده از الگوریتم های یادگیری ماشین
میترا اکبری کهنه شهری - دکتر رضا محمدی - دکتر محمد نصیری میترا اکبری کهنه شهری - رضا محمدی - محمد نصیری -
COVID-19 Image Retrieval Using Siamese Deep Neural Network and Hashing Technique
Farsad Zamani Boroujeni - Doryaneh Hossein Afshari - Fatemeh Mahmoodi
A Comparative Evaluation of Machine Learning Models for Anomaly-Based IDS in IoT Networks
Seyed Amir Mousavi - Mostafa Sadeghi - Mohammad Sadeq Sirjani
Enhancing kNN-Based Intrusion Detection with Differential Evolution with Auto-Enhanced Population Diversity
Zohre Karimi - Zeinab Torabi
بیشتر
ثمین همایش، سامانه مدیریت کنفرانس ها و جشنواره ها - نگارش 42.0.3