The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Um protocolo de troca de chaves de grupo (GKE) permite que um grupo de partes que se comunicam por uma rede pública estabeleça uma chave secreta comum. À medida que os aplicativos orientados a grupos ganham popularidade na Internet, vários protocolos do GKE foram sugeridos para fornecer a esses aplicativos um canal multicast seguro. Neste trabalho, investigamos a segurança do protocolo GKE autenticado por senha de Wu e Zhu, apresentado recentemente no FC'08. O protocolo de Wu e Zhu é eficiente, suporta grupos dinâmicos e pode ser construído genericamente a partir de qualquer protocolo de troca de chaves entre duas partes autenticado por senha. Contudo, apesar das suas características atractivas, o protocolo Wu-Zhu não deve ser adoptado na sua forma actual. Devido a uma falha em seu design, o protocolo Wu-Zhu não consegue realizar a troca de chaves autenticada. Relatamos aqui este problema de segurança com o protocolo Wu-Zhu e mostramos como resolvê-lo.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Junghyun NAM, Juryon PAIK, Dongho WON, "Security Improvement on Wu and Zhu's Protocol for Password-Authenticated Group Key Exchange" in IEICE TRANSACTIONS on Fundamentals,
vol. E94-A, no. 2, pp. 865-868, February 2011, doi: 10.1587/transfun.E94.A.865.
Abstract: A group key exchange (GKE) protocol allows a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. In this work, we investigate the security of Wu and Zhu's password-authenticated GKE protocol presented recently in FC'08. Wu and Zhu's protocol is efficient, supports dynamic groups, and can be constructed generically from any password-authenticated 2-party key exchange protocol. However, despite its attractive features, the Wu-Zhu protocol should not be adopted in its present form. Due to a flaw in its design, the Wu-Zhu protocol fails to achieve authenticated key exchange. We here report this security problem with the Wu-Zhu protocol and show how to solve it.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E94.A.865/_p
Copiar
@ARTICLE{e94-a_2_865,
author={Junghyun NAM, Juryon PAIK, Dongho WON, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Security Improvement on Wu and Zhu's Protocol for Password-Authenticated Group Key Exchange},
year={2011},
volume={E94-A},
number={2},
pages={865-868},
abstract={A group key exchange (GKE) protocol allows a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. In this work, we investigate the security of Wu and Zhu's password-authenticated GKE protocol presented recently in FC'08. Wu and Zhu's protocol is efficient, supports dynamic groups, and can be constructed generically from any password-authenticated 2-party key exchange protocol. However, despite its attractive features, the Wu-Zhu protocol should not be adopted in its present form. Due to a flaw in its design, the Wu-Zhu protocol fails to achieve authenticated key exchange. We here report this security problem with the Wu-Zhu protocol and show how to solve it.},
keywords={},
doi={10.1587/transfun.E94.A.865},
ISSN={1745-1337},
month={February},}
Copiar
TY - JOUR
TI - Security Improvement on Wu and Zhu's Protocol for Password-Authenticated Group Key Exchange
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 865
EP - 868
AU - Junghyun NAM
AU - Juryon PAIK
AU - Dongho WON
PY - 2011
DO - 10.1587/transfun.E94.A.865
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E94-A
IS - 2
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - February 2011
AB - A group key exchange (GKE) protocol allows a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. In this work, we investigate the security of Wu and Zhu's password-authenticated GKE protocol presented recently in FC'08. Wu and Zhu's protocol is efficient, supports dynamic groups, and can be constructed generically from any password-authenticated 2-party key exchange protocol. However, despite its attractive features, the Wu-Zhu protocol should not be adopted in its present form. Due to a flaw in its design, the Wu-Zhu protocol fails to achieve authenticated key exchange. We here report this security problem with the Wu-Zhu protocol and show how to solve it.
ER -