Cryptanalysis of a Password-based Group Key Exchange Protocol Using Secret Sharing

Authors

Ruxandra F. Olimid, Department of Computer Science, University of Bucharest, RomaniaFollow

Author Country (or Countries)

Romania

Abstract

Yuan et al. recently introduced a password-based group key transfer protocol that uses secret sharing, which they claim to be efficient and secure [9]. We remark its resemblance to the construction of Harn and Lin [1], which Nam et al. proved vulnerable to a replay attack [3]. It is straightforward that the same attack can be mount against Yuan et al.’s protocol, proving that the authors’ claim is false. In the same paper, Nam et al. propose a countermeasure that may also apply to Yuan et al.’s protocol. However, we show that their protocol remains susceptible to an insider attack (even if it stands against the replay attack): any malicious participant can recover the long-term secret password of any other user and therefore becomes able to compute group keys he is unauthorized to know.

Suggested Reviewers

N/A

Recommended Citation

F. Olimid, Ruxandra (2013) "Cryptanalysis of a Password-based Group Key Exchange Protocol Using Secret Sharing," Applied Mathematics & Information Sciences: Vol. 07: Iss. 4, Article 44.
Available at: https://digitalcommons.aaru.edu.jo/amis/vol07/iss4/44