Her-Tyan Yeh

Efficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks

Three-party EKE was proposed to establish a session key between two clients through a server However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the servers database will not result in success in directly impersonating clients

Simple authenticated key agreement protocol resistant to password guessing attacks

Password-based mechanism is the widely used method for user authentication. Many password-based authenticated key exchange protocols have been proposed to resist password guessing attacks. In this paper, we present a simple authenticated key agreement protocol called SAKA which is simple and cost-effective. To examine its security, we provide a formal proof of security to show its strength against both passive and active adversaries. Compared with the previously best protocols, SAKA has less number of steps and less computation cost.

Password authenticated key exchange protocols among diverse network domains

Up to now, all papers in password-authenticated key exchange protocols are constrained to two-party or three-party models. Under these two models, the clients are registered or authenticated by the same server. However, in reality two communicants may register under two different servers. In this case, the above models are inefficient or not suitable any more. This paper will discuss password authenticated key exchange protocol where both communicants are registered in two distinct servers.

Password-based user authentication and key distribution protocols for client-server applications

Up to now, most of the literature on three-party authentication and key distribution protocols has focused on the environment in which two users (clients) establish a session key through an authentication server. In this paper, we discuss another environment in which a user (client) requests service from an application server through an authentication server. We propose two secure and efficient authentication protocols (KTAP: key transfer authentication protocol and KAAP: key agreement authentication protocol) to fit this environment. These two proposed protocols can be efficiently applied to various communication systems in distributed computing environments since they provide security, efficiency, and reliability.

Security analysis of the generalized key agreement and password authentication protocol

We show that the enhanced version of the generalized key agreement and password authentication protocol, proposed by Kwon and Song (see IEICE Trans. Commun., vol.E83-B, no.9, p.2044-50, Sept. 2000), is insecure against off-line password guessing attacks.

On the design of time-stamped signatures

To ensure integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp we can neither trust signed documents when the signers signature key, was lost, stolen, or accidentally compromised, nor solve the cases when the signer himself repudiates the signing, claiming that he has accidentally lost his signature key. Based on relative temporal authentication, several linking schemes for digital time-stamping have been proposed to solve this problem. However, these schemes suffer from the forward forgery which is an attempt to stamp a present time-stamp on a past document by an unauthorized one. In addition, the verification cost in these schemes is too high because it is dependent upon the number of the issued time-stamps. In this paper, we propose four time-stamped signature schemes that are based on absolute temporal authentication. These proposed schemes are very efficient in verifying the validity of time-stamped signatures and are quite secure against the forward forgery. It is natural that the time-stamped signature schemes based on absolute temporal authentication suffer from the weakness when the signer colludes with the Time-Stamping Service. To combat the collusion problem, time-stamped signature schemes with hybrid temporal authentication are therefore proposed.

Security of Park-Lim key agreement schemes for VSAT satellite communications

Park and Lim [1998] proposed a modified Yacobi scheme, a modified Diffie-Hellman scheme in two cases, and a modified Diffie-Hellman scheme with ID for key agreement in very small aperture terminal satellite communications. In this paper, we show that the three Park-Lim schemes are insecure against an impersonation attack.

Improved Authenticated Multiple-Key Agreement Protocol

Recently, Yen and Joye showed that Harn and Lins authenticated multiple-key agreement protocol is insecure against forgery and consequently proposed a revised protocol to repair it. Later, Wu et al. showed that Yen and Joyes revision is also insecure and therefore an improved protocol was proposed. However, Wu et al.s protocol violates the original requirement in which no one-way hash function is needed. On the other hand, in order to overcome Yen and Joyes and Wu et al.s attacks, Harn and Lin proposed a modified version by modifying the signature signing equation. But the modified version increases one exponentiation in the verification equation. In this paper, we first show that Wu et al.s protocol still suffers the forgery problem, and then we propose an improved scheme that is secure against forgery and does not involve any one-way hash function. Compared with Harn and Lins modified version, our scheme is efficient in the verification equation.