- 期刊
Another Security Weakness in an Authenticated Group Key Agreement
並列摘要
Recently, Hwang et al. [1] showed that the authenticated group key agreement protocol proposed by Dutta and Barua [2] suffers from an impersonation attack and proposed an improvement to fix the problem. The goal of this paper is to prove that both the scheme of [2] and its improved version have another security weakness. In [2], it is claimed that the protocol has the ability to detect the presence of a corrupted group member so that if an invalid message is sent, then this can be detected by all legitimate members of the group. In this paper, we show that this claim is not true even in the improved version. We prove that two malicious participants can prohibit legitimate participants from obtaining the same shared key and remain completely unnoticed.
延伸閱讀
- Wang, S. B., Cao, Z. F., & Cao, F. (2008). Efficient Identity-based Authenticated Key Agreement Protocol with PKG Forward Secrecy. International Journal of Network Security, 7(2), 181-186. https://doi.org/10.6633/IJNS.200809.7(2).05
- Bayat, M., & Aref, M. R. (2015). An Attribute Based Key Agreement Protocol Resilient to KCI Attack. International Journal of Electronics and Information Engineering, 2(1), 10-20. https://doi.org/10.6636/IJEIE.201503.2(1).02
- Hwang, M. S., Li, H. W., & Yang, C. Y. (2023). An Improved of Enhancements of a User Authentication Scheme. International Journal of Network Security, 25(3), 508-514. https://doi.org/10.6633/IJNS.202305_25(3).15
- Zhu, D., Wang, L., & Zhu, H. (2021). Two Lightweight Authenticated Key Agreement Protocols Using Physically Unclonable Function with Privacy Protection. International Journal of Network Security, 23(2), 278-285. https://doi.org/10.6633/IJNS.202103_23(2).11
- Cheng, K. M., Chang, T. Y., & Lo, J. W. (2010). Cryptanalysis of Security Enhancement for a Modified Authenticated Key Agreement Protocol. International Journal of Network Security, 11(1), 55-57. https://doi.org/10.6633/IJNS.201007.11(1).08