{"title":"Augmented encrypted key exchange using RSA encryption","authors":"A. Barmawi, Shingo Takada, N. Doi","doi":"10.1109/PIMRC.1997.631052","DOIUrl":null,"url":null,"abstract":"The augmented encrypted key exchange (A-EKE) uses a shared secret key for encryption. The A-EKE uses the hash of sender's password as the shared secret key. By using Simmon's attack the sender's password can be broken. If this is accomplished, the attacker is able to know the communicating parties session key used after authentication as well as in the authentication of the sender. Furthermore, using the broken session key and the password, the attacker can impersonate the real sender. To prevent this from happening, we propose a method to keep the session key and sender's password secret even if the attacker can break the shared secret key. This is accomplished by using RSA encryption. In our proposed scheme we use public keys which will be kept by the communicating parties and will be exchanged indirectly, i.e. instead of sending the whole public key the two parties will send the number which determines their public key, along with the shared key.","PeriodicalId":362340,"journal":{"name":"Proceedings of 8th International Symposium on Personal, Indoor and Mobile Radio Communications - PIMRC '97","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1997-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of 8th International Symposium on Personal, Indoor and Mobile Radio Communications - PIMRC '97","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PIMRC.1997.631052","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
The augmented encrypted key exchange (A-EKE) uses a shared secret key for encryption. The A-EKE uses the hash of sender's password as the shared secret key. By using Simmon's attack the sender's password can be broken. If this is accomplished, the attacker is able to know the communicating parties session key used after authentication as well as in the authentication of the sender. Furthermore, using the broken session key and the password, the attacker can impersonate the real sender. To prevent this from happening, we propose a method to keep the session key and sender's password secret even if the attacker can break the shared secret key. This is accomplished by using RSA encryption. In our proposed scheme we use public keys which will be kept by the communicating parties and will be exchanged indirectly, i.e. instead of sending the whole public key the two parties will send the number which determines their public key, along with the shared key.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
