Abstract: Encrypted Key Exchange (EKE) (S. Bellovin and M. Merritt, 1992; 1993) allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders (L. Gong et al., 1993). We use some basic results from number theory to present password guessing attacks on all versions of EKE discussed in the paper (S. Bellovin and M. Merritt, 1992) and we also offer countermeasures to the attacks. However for the RSA version of EKE, we show that simple modifications are not enough to rescue the protocol. Attacks are also presented on half encrypted versions of EKE. We also show how randomized confounders cannot protect Direct Authentication Protocol and Secret Public Key Protocol versions of a secure password scheme from attacks. We discuss why these attacks are possible against seemingly secure protocols and what is necessary to make secure protocols.
Index Terms:
message authentication; number theoretic attacks; secure password schemes; Encrypted Key Exchange; EKE; authenticated information exchange; insecure network; secret key cryptography; active attacks; dictionary attacks; secure protocols; randomized confounders; password guessing attacks; RSA version; half encrypted versions; Direct Authentication Protocol; Secret Public Key Protocol versions
Citation:
S. Patel, "Number theoretic attacks on secure password schemes," sp, pp.0236, 1997 IEEE Symposium on Security and Privacy, 1997
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb