Paper 2011/527
Security Weaknesses of password-only authenticated key establishment protocol without public key cryptography
Mohsen Toorani and Maryam Saeed
Abstract
In 2005, Laih et al. proposed a password-based authentication key exchange protocol that is not based on public key cryptography but uses human ability to extract strings from distorted images. In this letter, it is shown that Laih et al.’s protocol is vulnerable to password compromise impersonation, malicious server, offline password guessing, undetectable online password guessing, stolen-verifier, and Unknown Key-Share (UKS) attacks and it does not provide forward secrecy and key confirmation.
Metadata
- Available format(s)
- -- withdrawn --
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Cryptographic protocolsPAKECAPTCHASecurity analysisAttacks
- Contact author(s)
- mohsen toorani @ ii uib no
- History
- 2011-10-15: withdrawn
- 2011-09-28: received
- See all versions
- Short URL
- https://ia.cr/2011/527
- License
-
CC BY