Password Authenticated Key Agreement for Contactless Smart CardsPassword Authenticated Key Agreement • July 17th, 2008
Abstract. This paper describes and compares the usage of password- based authenticated key agreement protocols to establish a secure com- munication channel between terminal and contactless card. In particu- lar, protocols of this kind are discussed for use in contactless ID cards. The aim of this paper is to discuss, for the first time, two cryptographic password-based protocols with respect to security, implementation efforts and performance. Furthermore, a real life implementation on NXP’s high security SmartMX chip is presented.
Practical Authenticated Key Agreement using PasswordsPassword Authenticated Key Agreement • September 25th, 2004
Abstract. Due to the low entropy of human-memorable passwords, it is not easy to conduct password authenticated key agreement in a secure manner. Though there are many protocols achieving this goal, they may require a large amount of computation specifically in the augmented model which was contrived to resist server compromise. Our contribution in this paper is two fold. First, we propose a new practical password authenticated key agreement protocol that is efficient and generic in the augmented model. Our scheme is considered from the practical perspective (in terms of efficiency) and is provably secure under the Diffie-Hellman intractability assumptions in the random-oracle model. Our second contribution is more realistic and generic; a conceptually simple but novel password guessing attack which can be mounted on every three-pass password- based protocol unless care is taken in both the design and implementation phases. This is due to the server’s failure to synchronize multiple si
Improved, chaotic maps,-based password-authenticated key agreement using smartPassword-Authenticated Key Agreement • November 24th, 2024
Summary: Elaborating on the security of password-based authenticated key agreement, in this paper, the author cryptanalyzes a chaotic maps-based password-authenticated key agreement proposed by C. Guo and C.-C. Chang [Commun. Nonlinear Sci. Numer. Simul. 18, No. 6, 1433–1440 (2013; Zbl 1301.94135)] recently. Specifically, their protocol could not achieve strong user anonymity due to a fixed parameter and a malicious adversary is able to derive the shared session key by manipulating the property of Chebyshev chaotic maps. Additionally, the author also presents an improved scheme to eliminate the above weaknesses and still maintain the efficiency.
