For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Security Improvement on Wu and Zhu's Protocol for Password-Authenticated Group Key Exchange
Junghyun NAM Juryon PAIK Dongho WON
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2011/02/01
Online ISSN: 1745-1337
Print ISSN: 0916-8508
Type of Manuscript: LETTER
Category: Cryptography and Information Security
group communication, group key exchange, password, implicit key authentication, key confirmation,
Full Text: PDF(126.6KB)
>>Buy this Article
A group key exchange (GKE) protocol allows a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. In this work, we investigate the security of Wu and Zhu's password-authenticated GKE protocol presented recently in FC'08. Wu and Zhu's protocol is efficient, supports dynamic groups, and can be constructed generically from any password-authenticated 2-party key exchange protocol. However, despite its attractive features, the Wu-Zhu protocol should not be adopted in its present form. Due to a flaw in its design, the Wu-Zhu protocol fails to achieve authenticated key exchange. We here report this security problem with the Wu-Zhu protocol and show how to solve it.