• Journal of Internet Computing and Services
    ISSN 2287 - 1136 (Online) / ISSN 1598 - 0170 (Print)
    https://jics.or.kr/

Dictionary Attack on Huang-Wei's Key Exchange and Authentication Scheme


Mi-Jin Kim, Jung-Hyun Nam, Dong-Ho Won, Journal of Internet Computing and Services, Vol. 9, No. 2, pp. 83-88, Apr. 2008
Full Text:
Keywords: session initiation protocol, authentication, Key Exchange, Dictionary Attack, Forward Secrecy

Abstract

Session initiation protocol (SIP) is an application-layer prolocol to initiate and control multimedia client session. When client ask to use a SIP service, they need to be authenticated in order to get service from the server. Authentication in a SIP application is the process in which a client agent present credentials to another SIP element to establish a session or be granted access to the network service. In 2005, Yang et al. proposed a key exchange and authentication scheme for use in SIP applications, which is based on the Diffie-Hellman protocol. But, Yang et al.'s scheme is not suitable for the hardware-limited client and severs, since it requires the protocol participant to perform significant amount of computations (i.e., four modular exponentiations). Based on this observation. Huang and Wei have recently proposed a new efficient key exchange and authentication scheme thor improves on Yang et al.'s scheme. As for security, Huang and Wei claimed, among others, that their scheme is resistant to offline dictionary attacks. However, the claim turned out to be untrue. In this paper, we show thor Huang and Wei's key exchange and authentication scheme is vulnerable to on offline dictionary attack and forward secrecy.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Kim, M., Nam, J., & Won, D. (2008). Dictionary Attack on Huang-Wei's Key Exchange and Authentication Scheme. Journal of Internet Computing and Services, 9(2), 83-88.

[IEEE Style]
M. Kim, J. Nam, D. Won, "Dictionary Attack on Huang-Wei's Key Exchange and Authentication Scheme," Journal of Internet Computing and Services, vol. 9, no. 2, pp. 83-88, 2008.

[ACM Style]
Mi-Jin Kim, Jung-Hyun Nam, and Dong-Ho Won. 2008. Dictionary Attack on Huang-Wei's Key Exchange and Authentication Scheme. Journal of Internet Computing and Services, 9, 2, (2008), 83-88.