Improvement of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks

Her-Tyan YEH  Hung-Min SUN  Cheng-Ta YANG  Bing-Cheng CHEN  Shin-Mu TSENG  

IEICE TRANSACTIONS on Communications   Vol.E86-B   No.11   pp.3278-3282
Publication Date: 2003/11/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
authenticated,  key exchange,  password,  guessing attack,  wireless network,  

Full Text: PDF>>
Buy this Article

Recently, Zhu et al. proposed an password-based authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in wireless networks. They claimed that the proposed scheme is secure against dictionary attacks. In this paper, we show that the scheme proposed by Zhu et al. is insecure against undetectable on-line password guessing attacks. Furthermore, we examine Zhu et al.'s protocol and find that Zhu et al.'s protocol does not achieve explicit key authentication. An improved version is then proposed to defeat the undetectable on-line password guessing attacks and also provide explicit key authentication.