

An Improved Password-Based Authenticated Key Agreement Scheme for Pervasive Applications

14 years 4 months ago
An Improved Password-Based Authenticated Key Agreement Scheme for Pervasive Applications
Password authentication is a popular approach used for user authentication in pervasive computing environments due to its simplicity and convenience. To secure the transmission between the communicants, an authenticated shared key should be established between the communicants as the encryption key or the MAC key. Recently, Chang, Yang, and Hwang presented a pass-word-based authenticated key agreement scheme that was claimed to be superior to similar schemes with respect to security and efficiency. In this paper, we show that their scheme is vulnerable to a denial-of-service attack. In addition, we demonstrate that their protected password change mechanism fails to provide backward secrecy. Finally, we propose an improved password-based authenticated key agreement scheme that can resist our described denial-ofservice attack and can provide backward secrecy.
Maw-Jinn Tsaur, Wei-Chi Ku, Hao-Rung Chung
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where EUC
Authors Maw-Jinn Tsaur, Wei-Chi Ku, Hao-Rung Chung
Comments (0)