|
|
 |
| |
|
|
|
Cryptanalysis of a Password-based Group Key Exchange Protocol Using Secret Sharing |
|
|
|
PP: 1585-1590 |
|
|
|
Author(s) |
|
|
|
Ruxandra F. Olimid,
|
|
|
|
Abstract |
|
|
| Yuan et al. recently introduced a password-based group key transfer protocol that uses secret sharing, which they claim to
be efficient and secure [9]. We remark its resemblance to the construction of Harn and Lin [1], which Nam et al. proved vulnerable to a
replay attack [3]. It is straightforward that the same attack can be mount against Yuan et al.’s protocol, proving that the authors’ claim
is false. In the same paper, Nam et al. propose a countermeasure that may also apply to Yuan et al.’s protocol. However, we show that
their protocol remains susceptible to an insider attack (even if it stands against the replay attack): any malicious participant can recover
the long-term secret password of any other user and therefore becomes able to compute group keys he is unauthorized to know. |
|
|
|
|
|
|
|
